Carl Johnstone wrote:
> Michael Peters wrote:
>> mod_auth_tkt. You can set the authorization ticket with mod_perl and then
>> just let mod_auth_tkt handle it on the non-mod_perl apache. It's extremely
>> lightweight and really fast.
>>
> Got this on my "to implement soon" list - any tips/caveats?

The only problem I've ever had was that you can configure mod_auth_tkt to
refresh the auth tkt cookie so session timeouts are fixed, but rather based on
the last activity of the person. This sounds like a really good idea unless you
have a caching proxy in front of things. This is because if mod_auth_tkt decides
to refresh a cookie on, say, a CSS file and then the proxy caches that, it will
also cache the cookie header. And anyone who then requests that file later from
the proxy's cache will suddenly get someone else's auth tkt. Very strange
behavior ensues.

-- 
Michael Peters
Developer
Plus Three, LP
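
The failure mode described above can be checked for by looking at origin responses before they reach the proxy. The following is an added example, not part of the original message or of mod_auth_tkt: it flags responses that set the ticket cookie while remaining storable by a shared cache. The cookie name `auth_tkt`, the function names and the sample responses are assumptions made for the illustration.

```python
import re

COOKIE_NAME = "auth_tkt"  # assumption: mod_auth_tkt's cookie name was not changed
_DIRECTIVE = re.compile(r'([A-Za-z0-9_-]+)(?:\s*=\s*("[^"]*"|[^,\s]*))?')

def parse_cache_control(value):
    """Map each Cache-Control directive to its unquoted, lowercased argument."""
    return {name.lower(): arg.strip('"').lower()
            for name, arg in _DIRECTIVE.findall(value)}

def ticket_may_be_cached(headers):
    """True if a response sets the ticket cookie and a shared cache may store it.

    Conservative: only no-store, bare private, or private="set-cookie" count
    as keeping the Set-Cookie header out of a shared cache.
    """
    sets_ticket = any(
        name.lower() == "set-cookie"
        and value.split("=", 1)[0].strip() == COOKIE_NAME
        for name, value in headers)
    if not sets_ticket:
        return False
    cc = {}
    for name, value in headers:
        if name.lower() == "cache-control":
            cc.update(parse_cache_control(value))
    if "no-store" in cc:
        return False
    if "private" in cc:
        fields = [f.strip() for f in cc["private"].split(",") if f.strip()]
        return bool(fields) and "set-cookie" not in fields
    return True

def audit(responses):
    """Return the paths whose responses could hand a refreshed ticket to a cache."""
    return [path for path, headers in responses if ticket_may_be_cached(headers)]

# Constructed sample responses; the ticket values are placeholders.
SAMPLE = [
    ("/static/site.css", [("Cache-Control", "public, max-age=3600"),
                          ("Set-Cookie", "auth_tkt=PLACEHOLDER; path=/")]),
    ("/static/logo.png", [("Cache-Control", "max-age=3600")]),
    ("/account", [("Cache-Control", "private"),
                  ("Set-Cookie", "auth_tkt=PLACEHOLDER; path=/")]),
    ("/static/app.js", [("Last-Modified", "Mon, 01 Jan 2007 00:00:00 GMT"),
                        ("Set-Cookie", "auth_tkt=PLACEHOLDER; path=/")]),
]

if __name__ == "__main__":
    for path in audit(SAMPLE):
        print("cacheable response refreshes the ticket:", path)
```

Any path it reports is a place where the refresh needs to be turned off, the response marked `private` or `no-store`, or the proxy told not to store `Set-Cookie`.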
