Hi All,
I'm in the process of trying to get this PerlTransHandler which does a
redirect back to the handler in such a way that once they log in,
instead of "/handler/" being the URI, it becomes "/handler/username".
I'm able to get a simple version of this, just for proof of concept,
that takes input from a form value called "op", and redirects
"/handlername/" to "/handlername/edit" for instance, if "op" is equal to
"edit". That works. So, the next step is to get the username, but _only_
if the user is logged in.
Currently, I have the main application handler do authentication simply
by checking username and password to the database (md5 hex of the
password) and if it matches, set a session cookie, which for every
subsequent operation is checked, and if set, the user is seen as logged in.
My PerlTransHandler that I wrote runs much earlier than the primary
application handler, and I then though "should this handle the
authentication", then reading even further, should I move authentication
to a PerlAuthenHandler (?). I would still want to use my login page (not
the login dialogue you obtain using .htpassword). Having not coded
mod_perl apps in a while, but remember somewhere that this is pretty
easy to do, I'm wondering if this is indeed a good idea.
Any thoughts, suggestions on how I should implement this? Any links to
info on how to do this (other than what I've found via google) would be
appreciated this.
Also, another question. I am coding this so it will work on a number of
apache/mod_perl versions, which includes allowing it to run using CGI,
which I've found using PerlTransHandler requires me to set
PerlOptions +GlobalRequest
to my httpd-perl.conf. What are the repercussions for using this setting?
Thanks in advance!
Patrick
--
Patrick Galbraith, Senior Systems Engineer
MySQL AB, www.mysql.com
Satyam Eva Jayate - Truth Alone Triumphs
Mundaka Upanishad