Apache::ASP cookieless sessions question
Hi, Throughout my web pages I provide a link for the user to login, which goes to a username/password check which then forwards the user back to the original page where he clicked "login". The login link is implemented with: login And of course /user/login (an ASP script) will eventually $Response->Redirect() the client to the original URL. The only problem is that if a client's browser has cookies disabled, the ?session-id=blah doesn't get encoded into their URL (thanks to SessionQueryParse) when they first type it the URL. So if they type "www.foo" and click login, it just takes them back to "www.foo" without preserving the session-id, and it looks like they haven't logged in at all (and indeed they are running under a different session-id). If they load "www.foo" and click on a link which I typed in as "www.foo" they stay in the same session because the link becomes "www.foo?session=blah". Then logging in works fine. So, is there a way I can make the Apache::ASP handler (or some other component of Apache) redirect cookieless clients to scripts whose URIs contain a session id? The other related problem is that when a client that allows cookies visits a page for the first time, all their link URLs have session-ids parsed into them unnecessarily. This is the method that I have in mind that I think would resolve these issues. A hit to a web page with session tracking does this: Hit to "www.foo/bar". If client delivers session-id cookie, deliver plain page for cookied clients. If query string contains session-id, deliver a page with session-ids parsed into links for cookieless clients. If client delivers no cookie and session-id is not in URL, set cookie and redirect to self-URL with session-id parsed in. Even this isn't perfect though, since the URI will sometimes unnecessarily contain the session-id value for cookied browsers. This will still contaminate the return_url for my login procedure, but at least the link and image URLs from the first page won't be uglified. The perfect solution would be to redirect the client to the self-URL without the session-id in their query string when *both* a cookie is sent and a session-id is in the query string. Combined with the method above, this would result in a cookied browser doing: 1. user types "www.foo", server receives no cookie 2. server sends cookie and forwards to "www.foo?session-id=blah" 3. server receives cookie and forwards to "www.foo" 4. server delivers plain "www.foo" And a cookieless browser: 1. user types "www.foo", server receives no cookie 2. server sends cookie and forwards to "www.foo?session-id=blah" 3. server receives no cookie and delivers request for "www.foo" with session-ids parsed into all links Basically, the stable cases (sending cookies OR sending ids in query-string) are fine, it's just the cases of neither or both being sent that need to be fixed. So... can I make these sorts of things happen? Should I care? Is there a way I can find out whether the user's browser is cookied for session-id from within the ASP script? Thanks, shimon. p.s. Apache::ASP is great! I love it! What a timesaver and so easy to work with!
I got it to work: apache fails to work with mod_perl
Hey just so you know, I got it to work, but I made some changes, that is switched Redhat 7.0 to Redhat6.2 apache3.12 to 3.14 mod_perl-1.24 to 1.24_01 the problem was probably in Redhat7.0, but don't quote me on this because I changed all 3 variables (RH, apache and mod_perl) but it works now Dennis > I'm having a problem making apache work with mod_perl. > Short problem description is: when I compile apache by itself, it = > works, > but when I compile mod_perl (which builds apache also) it doesn't work = > and gives me an error that's on = > http://www.apache.org/docs/misc/FAQ-D.html#nfslocking=20 > When I am trying to fix the error as it says on the page, apache is = > still behaving the same way, that is -- not working and giving me the = > same error. > > I am using RedHat Linux 7.0
Re: Segmentation faults
To your httpd.conf add a PerlModule HTML::Embperl > > > Options ExecCGI > AllowOverride None > SetHandler perl-script > PerlHandler HTML::Embperl > this should normaly solve this problem. If not let me know and we try to track it down further Gerald - Gerald Richterecos electronic communication services gmbh Internetconnect * Webserver/-design/-datenbanken * Consulting Post: Tulpenstrasse 5 D-55276 Dienheim b. Mainz E-Mail: [EMAIL PROTECTED] Voice:+49 6133 925151 WWW:http://www.ecos.de Fax: +49 6133 925152 -
Re: Embeded perl question
> embperl 'subs' do not return subroutine values.
> you need to either make a regular subroutine
> [- sub get_date { ... } -]
>
> or use a global variable for return values. such as @GLOBAL. kind of
ugly - but is it
> any uglier than @_ for the input values?
>
You may also use references:
[$ sub foo $]
$_[0] = ($mday."-".$mth."-".$year);
[$endsub$]
# and call it with
foo (\$date) ;
Gerald
> "Genocchio, Anthony" wrote:
>
> > I am having trouble returing a variable from a sub?...below is my effort
to
> > do this...is there some fundamental place where i am going wrong and can
you
> > help me?!...thanks
> >
> > [$ sub get_date $]
> > [-
> > $var = shift;
> > --snip---
> > $date = ($mday."-".$mth."-".$year);
> > return[$date];
> > -]
> > [+ $date +]
> > [+ $var +]
> > [$ endsub $]
> >
> > [-
> > use DirHandle;
>
> --
> ___cliff [EMAIL PROTECTED]http://www.genwax.com/
>
>
>
>
Re: Apache::ASP cookieless sessions question
Shimon Rura wrote:
>
> Hi, Throughout my web pages I provide a link for the user to login, which
> goes to a username/password check which then forwards the user back to the
> original page where he clicked "login". The login link is implemented with:
>
>
> login
>
>
> And of course /user/login (an ASP script) will eventually
> $Response->Redirect() the client to the original URL. The only problem is
> that if a client's browser has cookies disabled, the ?session-id=blah
> doesn't get encoded into their URL (thanks to SessionQueryParse) when they
> first type it the URL. So if they type "www.foo" and click login, it just
> takes them back to "www.foo" without preserving the session-id, and it looks
> like they haven't logged in at all (and indeed they are running under a
> different session-id). If they load "www.foo" and click on a link which I
> typed in as "www.foo" they stay in the same session because the link becomes
> "www.foo?session=blah". Then logging in works fine.
>
SessionQueryParse runtime session-id insertion into query strings
to handle cookieless clients should cover $Response->Redirect() URLs
too. The problem is that you are redirecting to an absolute URL,
where the matching algorithm normally covers only links relative
to the current server. The solution is to configure SessionQueryParseMatch
with a regexp that matches URLs that you also want session-ids inserted
into, so you can handle what the user typed in.
> The other related problem is that when a client that allows cookies visits a
> page for the first time, all their link URLs have session-ids parsed into
> them unnecessarily.
>
There is an optimization that if the client presents any cookies at
all, then the session-ids won't be inserted into URLs. So in
Script_OnStart, you can check for a permanent cookie, and if the client
doesn't have it, then set one. Then all subsequent visits, the client will
not have session-id's parsed in. Also, you can provide a "cookie shield"
for your site, by marking a value in $Session, like $Session->{CookiesOn} = 1
and if set do nothing, otherwise, set, and redirect to current URL; with
SessionQueryParse enabled, this should be simple logic, as they will
always have a session-id on the next request, and that value will be marked.
> This is the method that I have in mind that I think would resolve these
> issues. A hit to a web page with session tracking does this:
>
> Hit to "www.foo/bar". If client delivers session-id cookie, deliver plain
> page for cookied clients. If query string contains session-id, deliver a
> page with session-ids parsed into links for cookieless clients. If client
> delivers no cookie and session-id is not in URL, set cookie and redirect to
> self-URL with session-id parsed in.
>
I think it is better to do these things per site, as redirects
do not cover form based scenarios, as form POST input will be lost,
so its not a truly generic solution. It may be that a site running
SessionQueryParse will want to handle form requests on the first
incoming request, I think the better hack is setting the permanent
cookie.
> The perfect solution would be to redirect the client to the self-URL without
> the session-id in their query string when *both* a cookie is sent and a
> session-id is in the query string. Combined with the method above, this
> would result in a cookied browser doing:
>
> 1. user types "www.foo", server receives no cookie
> 2. server sends cookie and forwards to "www.foo?session-id=blah"
> 3. server receives cookie and forwards to "www.foo"
> 4. server delivers plain "www.foo"
>
That's a lot of requests to serve up a first page to a site.
Average content web sites have something like 2-3 page requests
per user, and we are creating 3 request just for the first hit,
doubling the number of requests necessary to handle the user.
I think the logic here is simple if you want to implement it,
but I worry about it being a generic solution.
# assumes SessionQueryParse enabled
sub Script_OnStart {
# use permanent cookie for a hint, if available
unless(%{$Request->{Cookies}} || $Session->{CookiesOn}) {
$Session->{CookiesOn} = 1;
$Response->{Cookies}{Perm} = { Value => 1, Expires => 86400 * 365 };
$Response->Redirect(
$Server->URL(
&File::Basename::basename($0),
$Request->{QueryString)
)
);
}
}
If SessionQueryParse weren't enabled, then for a cookieless
client, this solution would loop infinitely, and there needs
to be other logic enabled to make this happen.
> So... can I make these sorts of things happen? Should I care? Is there a
> way I can find out whether the user's browser is cookied for session-id from
> within the ASP script?
>
I think the SessionQueryParseMatch will be key for you, as well
as the permanent cookie trick.
> p.s. Apache::ASP is great! I love it! What a timesaver and so easy to work
> with!
Re: ModPerl job in Manhattan, NY
Ruben I. Safir 1600 East 17th Street Brooklyn, NY 11230 1-718-382-5752 [EMAIL PROTECTED] Skills UNIX, Apache Web Server administration, Networking Administration, C programming, Perl and Perl DBI, SQL, UNIX Script Language, HTML. Introduction to Java and C++. Operating Systems Unix, Linux, BSDI, DOS, Windows, NT Related Skills PageMaker, PhotoShop, GIF Animation, POV Raytracing Art Skills, hardware troubleshooting, PC Installation, Scanning Apache Administration, IP Setup. Experience Feb 2000 Sapphire Software of Brooklyn - Installed Slashdot Clone for Client and set up basic IP networking. March 1999 - Present The New School - Teach Perl and Web Technologies in the continueing education program May 1998 - Present New York University - Manager of Intranet and Software Development and Project Manager. Wrote numerous database driven Web programs using DBI, ModPerl and Perl. Installed and imported the clinical database to Oracle On Red Hat Linux. Ported an Intranet Site from a Windows95 environment to Unix, fixing links using SED and Perl. Ported a DOS medical database from a flat binary Database to MYSQL RDMS using Perl. As the old database is still being used live, the port has to be repeated on a daily basis. Fixed large amounts of bad data. Combined it's 5 directories of data because it originally had a maximum of 32,000 patients. All five database binaries had to be combined into one MYSQL Database. Designed the new schema and built a front end for the over 3,000,000 transactions using CGI techniques , modperl, embperl, javascript and Perl. Installed Apache on Linux while building modules and perl extensions. Instructed co-workers in the basics of Unix administration, while creating a secure web server. Automated the data import to be pooled daily using CRON over IPX from production servers. Dec 1994 - Present Jewish Billboard and Brooklyn on Line - Web Site Administrator and Page Creator. Performed webpage creation skills including CGI writing in C and Perl. Currently developing a Shopping Cart with client side administration, and accounting tools. Extensive use of Perl and MYSQL on a BSDI OS. (http://www.wynn.com/jewish and http://www.brooklynonline) . July 1997 - December 1997 Maramont Corporation: Establish an Intranet with the Apache Webserver Supported about 25 machines on an intranet with Windows Clients and a UNIX Server. Designed and replaced various windows based document management programs which were constraining the corporations ability for web based technology. Wrote several Perl CGI's to parse our production label database into CGI - Netscape output. This eased label design. It permitted the use of Pagemaker to work with the specialized Zebra Bar-code printers over the UNIX print server. Worked with Fox Pro 2.6a and a Database product called TRO to support and helped develop a Purchasing database on Windows 3.11 and Novel. Installed and supported all cooperate software, Photo Shop, Pagemaker, Scanning techniques, Word, Lotus, ect. June 1995 - June 1997 Medical Arts - Part-time Pharmacist Sept 1995 - Feb 1996 Graduate Student Professor at LIU College of Pharmacy in compounding labs. Sept 1984 - 1996 Karson Pharmacy - Full and Part-time Pharmacist. 1981 - 1987 US ARMY - Honorable discharge Education: Sept - Jan 1998 NYU: C++ and Unix Programing April - Oct 1996 Cope Institute: Programming course in UNIX Programming, Shell Scripting, SQL, embedded SQL in C and Oracle. Sep 1995 - Feb 1996 LIU: Fellowship and Ph.D. candidate for Pharmaceutics. Jan 1983 - Sept 1988 LIU Brooklyn Campus: Graduate of Pharmacy Interests and Hobbies Birds and Parrots, Art History, Local History, Jazz, NYC, Writing, Teaching Perl and HTML
Re: apache fails to work with mod_perl .. (old PerlRequire conf/startup.pl + more info)
I have found that I can now build an apache_1.3.14 binary with mod_perl-1.24 . I had to rebuild the perl5.6.0 binary with config_args: config_args='-des -Doptimize=-02 -march=i386 mcpu=686 -Dcc=gcc -Dcccdlflags=-fPIC -Darchname=i386-linux -Dd_dosuid -Dd_semctl_semun -Di_db -di_ndbm -Di_gdbm -Di_shadow -Uuselargefiles' These arguments are how the binary shipped with RedHat7 was configured. Does anyone see something here I should worry about? Also, make test is failing about 3/4 of the tests. But at least it is running. -- Danny Aldham Providing Certified Internetworking Solutions to Business www.postino.com E-Mail, Web Servers, Web Databases, SQL PHP & Perl
Re: Problem with Apache::DBI
Yes. I am giving this command while login as root. Other modules gets loaded properly, but I encounter problem while loading Apache::DBI. Thanks, Pritesh. On Friday, October 13, 2000 at 09:03:22 AM, [EMAIL PROTECTED] wrote: > Are you running httpd restart with a user that has the proper permissions? > > Brian B. > > Pritesh Thakor wrote: > > > Hi, > > > > I installed Apache::DBI-0.87 on Apache 1.3.9, Perl 5.00503, mod_perl 1.2.1 running >on RedHat Linux 6.1 and I am trying to connect to MySQL 3.22.32. After making >necessary changes in httpd.conf i.e. PerlModule Apache::DBI and giving the command > > > > /etc/rc.d/init.d/httpd restart > > > > generates the message > > > > Shutting donw http: [FAILED] > > Starting http: [ OK ] > > > > Now when I request a page from the browser, a window populates displaying a >message "Connection refused. The server may not be accepting connections." > > > > I also tried connecting to MySQL in startup file, but it is not working. > > > > If there is anything more to be done or I am doing something wrong, please let me >know. > > > > Thanks, > > Pritesh. > > > > pritesht > > e-mail: [EMAIL PROTECTED] > > > > > > > > Feed Your Greed !!! > > Get your 10MB Free space only at http://www.forindia.com NOW! > > > > > > pritesht e-mail: [EMAIL PROTECTED] Feed Your Greed !!! Get your 10MB Free space only at http://www.forindia.com NOW!
Re: Problem with Apache::DBI
Andrew, I gave the command when I login as a root. The real problem is all other modules except Apache::DBI gets preloaded. So, I think there is something wrong with Apache::DBI or there has to be some kind of version conflict. Thanks for the reply, Pritesh. On Friday, October 13, 2000 at 09:03:00 AM, Andrew Wyllie wrote: > Hi Pritesh, > > On Thu, 12 Oct 2000, Pritesh Thakor wrote: > > > Hi, > > > > I installed Apache::DBI-0.87 on Apache 1.3.9, Perl 5.00503, mod_perl 1.2.1 running >on RedHat Linux 6.1 and I am trying to connect to MySQL 3.22.32. After making >necessary changes in httpd.conf i.e. PerlModule Apache::DBI and giving the command > > > > /etc/rc.d/init.d/httpd restart > > > > generates the message > > > > Shutting donw http: [FAILED] > > Starting http: [ OK ] > > > > Now when I request a page from the browser, a window populates displaying a >message "Connection refused. The server may not be accepting connections." > > > > I also tried connecting to MySQL in startup file, but it is not working. > > > > If there is anything more to be done or I am doing something wrong, please let me >know. > > > > Thanks, > > Pritesh. > > > > Sometimes I see things like this happen when I try to restart a server > without being root or when the httpd.pid file is not pointing at the > current process id. > > andrew > > ... > Andrew Wyllie <[EMAIL PROTECTED]>Open Source Integrator > v.206.729.7439 __We can catify or stringify, > c.206.851.9876separately or together!__ perl-5.005_03 > pritesht e-mail: [EMAIL PROTECTED] Feed Your Greed !!! Get your 10MB Free space only at http://www.forindia.com NOW!
Re: Problem with Apache::DBI
Hi Ken, There is neither any error message generated in the error_log neither on linux prompt. Thanks for writing, Pritesh. On Friday, October 13, 2000 at 01:30:50 AM, Ken Williams wrote: > [EMAIL PROTECTED] (Pritesh Thakor) wrote: > >I installed Apache::DBI-0.87 on Apache 1.3.9, Perl 5.00503, mod_perl > >1.2.1 running on RedHat Linux 6.1 and I am trying to connect to MySQL > >3.22.32. After making necessary changes in httpd.conf i.e. PerlModule > >Apache::DBI and giving the command > > > >/etc/rc.d/init.d/httpd restart > > > >generates the message > > > >Shutting donw http: [FAILED] > >Starting http: [ OK ] > > > >Now when I request a page from the browser, a window populates > >displaying a message "Connection refused. The server may not be > >accepting connections." > > > >I also tried connecting to MySQL in startup file, but it is not working. > > > >If there is anything more to be done or I am doing something wrong, > >please let me know. > > Any errors in the log? > > > ------ > Ken Williams Last Bastion of Euclidity > [EMAIL PROTECTED]The Math Forum > > > pritesht e-mail: [EMAIL PROTECTED] Feed Your Greed !!! Get your 10MB Free space only at http://www.forindia.com NOW!
Re: Problem with Apache::DBI
Hi Rob, I am not ruling out the chances of daemon process incorrectly parsing httpd.conf. However, there is very remote chances of this kind of problems. I would also like to tell you that all my modules except Apache::DBI is getting preloaded. So, I think the problem lies in Apache::DBI and it has nothing to do with either httpd.conf or daemon process. Thanks for writing in. Pritesh. On Friday, October 13, 2000 at 12:49:25 AM, Rob Tanner wrote: > Did you check to see that the server was still up. It is possible it > crashed just after the "OK" was displayed on the screen. From the > traces I've done when I've encountered similar problems, the server > parses httpd.conf once to check for errors and then forks off a daemon > copy of itself. The daemon is the parent to all the running httpd > processes. In at least one case that I've dealt with, the daemon had a > problem when parsing httpd.conf whereas the copy of httpd invoked from > the command line didn't. Try invoking the server in the foreground (-X > option) and see what happens. BTW, only run the daemon in the > foreground for debugging purposes. Run in the foreground it forks off > no copies of itself. > > -- Rob > > > --On 10/12/00 11:36:33 PM -0700 Pritesh Thakor <[EMAIL PROTECTED]> > wrote: > > > Hi, > > > > I installed Apache::DBI-0.87 on Apache 1.3.9, Perl 5.00503, mod_perl > > 1.2.1 running on RedHat Linux 6.1 and I am trying to connect to MySQL > > 3.22.32. After making necessary changes in httpd.conf i.e. PerlModule > > Apache::DBI and giving the command > > > > /etc/rc.d/init.d/httpd restart > > > > generates the message > > > > Shutting donw http: [FAILED] > > Starting http: [ OK ] > > > > Now when I request a page from the browser, a window populates > > displaying a message "Connection refused. The server may not be > > accepting connections." > > > > I also tried connecting to MySQL in startup file, but it is not > > working. > > > > If there is anything more to be done or I am doing something wrong, > > please let me know. > > > > Thanks, > > Pritesh. > > > > > > > > > > > > > > > > > > > > pritesht > > e-mail: [EMAIL PROTECTED] > > > > > > > > > > > > > > Feed Your Greed !!! > > Get your 10MB Free space only at http://www.forindia.com NOW! > > > > > > > > > > > > >_ _ _ _ __ _ _ _ _ > /\_\_\_\_\/\_\ /\_\_\_\_\_\ > /\/_/_/_/_/ /\/_/ \/_/_/_/_/_/ QUIDQUID LATINE DICTUM SIT, > /\/_/__\/_/ __/\/_//\/_/ PROFUNDUM VIDITUR >/\/_/_/_/_/ /\_\ /\/_//\/_/ > /\/_/ \/_/ /\/_/_/\/_//\/_/ (Whatever is said in Latin > \/_/ \/_/ \/_/_/_/_/ \/_/ appears profound) > > Rob Tanner > McMinnville, Oregon > [EMAIL PROTECTED] > > pritesht e-mail: [EMAIL PROTECTED] Feed Your Greed !!! Get your 10MB Free space only at http://www.forindia.com NOW!
Re: Problem with Apache::DBI
Hi Rob, I am not ruling out the chances of daemon process incorrectly parsing httpd.conf. However, there is very remote chances of this kind of problems. I would also like to tell you that all my modules except Apache::DBI is getting preloaded. So, I think the problem lies in Apache::DBI and it has nothing to do with either httpd.conf or daemon process. Thanks for writing in. Pritesh. On Friday, October 13, 2000 at 12:49:25 AM, Rob Tanner wrote: > Did you check to see that the server was still up. It is possible it > crashed just after the "OK" was displayed on the screen. From the > traces I've done when I've encountered similar problems, the server > parses httpd.conf once to check for errors and then forks off a daemon > copy of itself. The daemon is the parent to all the running httpd > processes. In at least one case that I've dealt with, the daemon had a > problem when parsing httpd.conf whereas the copy of httpd invoked from > the command line didn't. Try invoking the server in the foreground (-X > option) and see what happens. BTW, only run the daemon in the > foreground for debugging purposes. Run in the foreground it forks off > no copies of itself. > > -- Rob > > > --On 10/12/00 11:36:33 PM -0700 Pritesh Thakor <[EMAIL PROTECTED]> > wrote: > > > Hi, > > > > I installed Apache::DBI-0.87 on Apache 1.3.9, Perl 5.00503, mod_perl > > 1.2.1 running on RedHat Linux 6.1 and I am trying to connect to MySQL > > 3.22.32. After making necessary changes in httpd.conf i.e. PerlModule > > Apache::DBI and giving the command > > > > /etc/rc.d/init.d/httpd restart > > > > generates the message > > > > Shutting donw http: [FAILED] > > Starting http: [ OK ] > > > > Now when I request a page from the browser, a window populates > > displaying a message "Connection refused. The server may not be > > accepting connections." > > > > I also tried connecting to MySQL in startup file, but it is not > > working. > > > > If there is anything more to be done or I am doing something wrong, > > please let me know. > > > > Thanks, > > Pritesh. > > > > > > > > > > > > > > > > > > > > pritesht > > e-mail: [EMAIL PROTECTED] > > > > > > > > > > > > > > Feed Your Greed !!! > > Get your 10MB Free space only at http://www.forindia.com NOW! > > > > > > > > > > > > >_ _ _ _ __ _ _ _ _ > /\_\_\_\_\/\_\ /\_\_\_\_\_\ > /\/_/_/_/_/ /\/_/ \/_/_/_/_/_/ QUIDQUID LATINE DICTUM SIT, > /\/_/__\/_/ __/\/_//\/_/ PROFUNDUM VIDITUR >/\/_/_/_/_/ /\_\ /\/_//\/_/ > /\/_/ \/_/ /\/_/_/\/_//\/_/ (Whatever is said in Latin > \/_/ \/_/ \/_/_/_/_/ \/_/ appears profound) > > Rob Tanner > McMinnville, Oregon > [EMAIL PROTECTED] > > pritesht e-mail: [EMAIL PROTECTED] Feed Your Greed !!! Get your 10MB Free space only at http://www.forindia.com NOW!
