--- /usr/lib/perl5/site_perl/5.6.1/Apache/AuthCookie.pm.orig Mon Feb 10 12:36:40 2003 +++ /usr/lib/perl5/site_perl/5.6.1/Apache/AuthCookie.pm Mon Feb 23 19:24:33 2004 @@ -19,8 +19,10 @@ return unless $auth_type && $auth_name; return unless $r->header_in('Cookie'); - my ($cookie) = $r->header_in('Cookie') =~ /${auth_type}_${auth_name}=([^;]+)/; - $r->log_error("cookie ${auth_type}_${auth_name} is $cookie") if $debug >= 2; + my $cookie_name = $r->dir_config("AuthCookieName"); + $cookie_name = $auth_type.'_'.$auth_name unless $cookie_name; + my ($cookie) = $r->header_in('Cookie') =~ /$cookie_name=([^;]+)/; + $r->log_error("cookie $cookie_name is $cookie") if $debug >= 2; return unless $cookie; my ($user,@args) = $auth_type->authen_ses_key($r, $cookie); @@ -114,12 +116,15 @@ sub logout($$) { my ($self,$r) = @_; my $debug = $r->dir_config("AuthCookieDebug") || 0; - + my ($auth_type, $auth_name) = ($r->auth_type, $r->auth_name); - + + my $cookie_name = $r->dir_config("AuthCookieName"); + $cookie_name = $auth_type.'_'.$auth_name unless $cookie_name; + # Send the Set-Cookie header to expire the auth cookie. my $str = $self->cookie_string( request => $r, - key => "$auth_type\_$auth_name", + key => $cookie_name, value => '', expires => 'Mon, 21-May-1971 00:00:00 GMT' ); $r->err_headers_out->add("Set-Cookie" => "$str"); @@ -165,7 +170,10 @@ # Get the Cookie header. If there is a session key for this realm, strip # off everything but the value of the cookie. - my ($ses_key_cookie) = ($r->header_in("Cookie") || "") =~ /$auth_type\_$auth_name=([^;]+)/; + my $cookie_name = $r->dir_config("AuthCookieName"); + $cookie_name = $auth_type.'_'.$auth_name unless $cookie_name; + my ($ses_key_cookie) = + ($r->header_in("Cookie") || "") =~ /$cookie_name=([^;]+)/; $ses_key_cookie = "" unless defined($ses_key_cookie); $r->log_error("ses_key_cookie " . $ses_key_cookie) if ($debug >= 1); @@ -190,10 +198,10 @@ # There was a session key set, but it's invalid for some reason. So, # remove it from the client now so when the credential data is posted # we act just like it's a new session starting. - + my $str = $auth_type->cookie_string( request => $r, - key => "$auth_type\_$auth_name", + key => $cookie_name, value => '', expires => 'Mon, 21-May-1971 00:00:00 GMT' ); @@ -321,8 +329,10 @@ my $r = Apache->request(); my ($auth_type, $auth_name) = ($r->auth_type, $r->auth_name); + my $cookie_name = $r->dir_config("AuthCookieName"); + $cookie_name = $auth_type.'_'.$auth_name unless $cookie_name; my $cookie = $self->cookie_string( request => $r, - key => "$auth_type\_$auth_name", + key => $cookie_name, value => $ses_key ); # add P3P header if user has configured it. @@ -381,7 +391,9 @@ my $allcook = ($r->header_in("Cookie") || ""); my ($type, $name) = ($r->auth_type, $r->auth_name); - return ($allcook =~ /(?:^|\s)${type}_$name=([^;]*)/)[0]; + my $cookie_name = $r->dir_config("AuthCookieName"); + $cookie_name = $type.'_'.$name unless $cookie_name; + return ($allcook =~ /(?:^|\s)$cookie_name=([^;]*)/)[0]; } sub get_cookie_path { @@ -530,6 +542,15 @@ into your server setup file and your access cookies will span all hosts ending in C<.yourhost.com>. +=item 5 + +You can optionally specify the name of your access cookies with the +following directive: + + PerlSetVar AuthCookieName MyCustomLogin_ID + +If not set, the default cookie name is "_" + =back This is the flow of the authentication handler, less the details of the