I am running Apache 2.0.55/ModPerl 2.0.2/OpenSSL 0.9.7c/PHP 4.4.1 on a Linux Fedora Core 2 AMD box with Perl 5.8.4. The box runs only as a web server and only serves https (port 443). It serves pages just fine.
User authentication is via mod_ssl with a flat httpd.passwd file (FakeBasicAuth). What I would like to do is intercept primary requests before and after user authentication so that I can do some pre and post authentication processing (think of it as extended authentication). So, I organize a PerlAccessHandler (pre) and a PerlAuthenHandler (post) module. Each handler writes a log entry when called, does some processing and returns DECLINED. I start the server from scratch, clear the browser cache+cookies, and fetch a page. The PerlAccessHandler reports present, user gets authenticated, then the PerlAuthenHandler reports and the page is at the browser. So far, so good. I fetch the next page (a completely new page), and nothing. No entries in any log and my handlers write nothing into the error log. But the page appears from....somewhere. Turning on LogLevel debug has no effect. Clearing the browser cache+cookies and restarting the web server should clear all possible cache ent ries t hat I know about....but it doesn't. This is a test server so I have complete control over what goes on. No proxies, no DNS issues, no alternate page sources. This is driving me crazy (well, worse than normal anyway). AFIAK, in order to serve a page, all requests have to travel the same path and that should include user authentication. Any suggestions on how to debug would be welcome. Cheers, John