I started having an odd problem with a simple subclass of Apache2::AuthCookie after a mod_perl upgrade.
When authorization fails, apache apparently returns a forbidden page to the user (not just a forbidden status to the authentication hook) then fails to redirect the user back to the login page. The browser actually displays the following:

    ody>
    <h1>Forbidden</h1>
    <p>You don't have permission to access /archive/ on this server.</p>
    <p>Additionally, a 200 OK error was encountered while trying to use an ErrorDocument to handle the request.</p>
    <hr>
    <address>Apache Server at www.psychonomic.org Port 80</address>
    </body></html>
    HTTP/1.1 200 OK
    Date: Mon, 27 Jul 2009 19:54:27 GMT
    Server: Apache
    Keep-Alive: timeout=15, max=88
    Connection: Keep-Alive
    Transfer-Encoding: chunked
    Content-Type: text/html; charset=utf-8
    fd6
    <!-- psychonomic.org/templates/archive/frontpage.tmpl -->

(The code can be seen in action at http://www.psychonomic.org/archive )

Authorization only seems to fail 1 out of 50 times. A similar error happens when the 'Continue' button on the page is pressed repeatedly (5+ times) without checking the 'I agree' checkbox.

I only need to make sure the user has checked a box agreeing to the website's terms and conditions. I don't use any kind of user/pass combinations.

perl 5.8.8
apache 2.2.11
mod_perl 2.0.4

My module code is:

    package TermsAndConditions;
    use strict;
    use Apache2::compat;
    use base qw! Apache2::AuthCookie !;

    sub authen_cred ($$\@) {
        my $self = shift;  # Package name (same as AuthName directive)
        my $r = shift;     # Apache request object
        my @cred = @_;     # Credentials from login form
        return ( $cred[0] ? "authorized" : undef );
    }

    sub authen_ses_key ($$$) {
        my ($self, $r, $session_key) = @_;
        return 1;
    }

    1;

The relevant httpd.conf directives are:

    <Directory /home/httpd/psychonomic.org/modperl_apps>
        <Files login.pl>
            SetHandler perl-script
            PerlHandler ModPerl::Registry
            Options +ExecCGI
            allow from all
            PerlSendHeader On
        </Files>
    </Directory>

    <Files logout.pl>
        SetHandler perl-script
        PerlHandler ModPerl::Registry
        Options +ExecCGI
        PerlSendHeader On
    </Files>

    ## These documents require user to be logged in.
    <Directory /home/httpd/psychonomic.org/html/archive>
        Options +ExecCGI
        AuthType TermsAndConditions
        AuthName PsychoMembers
        PerlAuthenHandler TermsAndConditions->authenticate
        PerlAuthzHandler TermsAndConditions->authorize
        require valid-user
        #SetHandler perl-script
        #PerlSendHeader On
    </Directory>

    ##this is the action of the login.pl script above.
    <Location /apps/LOGIN>
        AuthType TermsAndConditions
        AuthName PsychoMembers
        SetHandler perl-script
        PerlSendHeader On
        PerlResponseHandler TermsAndConditions->login
    </Location>