Apache::AuthCookie now on SourceForge
Hi all, I have just created a SourceForge project for AuthCookie. If you are interested, you can access the project at http://sourceforge.net/projects/ap-authcookie/ . All previous releases are there, and I have imported the CVS tree too. Moving the project to SourceForge gives several benefits. First, interested developers can access the distribution via anonymous CVS. Second, the bug tracking tools task list seem like they'll help organize my development and help let other people know the current statuses of project details. And third, it opens the possibility of having other developers work on the project. For some time now, I haven't had enough time to synthesize all the various requests/contributions/questions people have contacted me about. I've been considering finding a new person to be the shepherd of AuthCookie, but for the time being I think I'll hold off on that and remain in charge. I would like to make the development a bit more open though, because lately I've been a bit of a communication black-hole and the project has stagnated because of it. If you have any interest in being a developer or otherwise influencing the direction of the module, please contact me. I'm not sure whether I'm ready to coördinate the activity of lots of people, but I suspect perhaps only 1 or 2 people will be interested anyway. Although SourceForge provides discussion tools, I would like the mod_perl list to remain the main point of contact for AuthCookie support discussion. It's possible that in the future we'll want to make a development list or something, but for now let's hold off. Pretty soon I will probably move Apache::Filter development to SourceForge too. Thanks for the time. ------ Ken Williams Last Bastion of Euclidity [EMAIL PROTECTED]The Math Forum
Re: OT: ApacheCon/Europe
Gunther Birznieks wrote: Just wondering who all from mod_perl is going to ApacheCon/Europe next week and are there any plans to get together like there was at PerlCon. I'm going to be there. Some kind of get together would be cool. I'd like to hear about what other people are working on. - Perrin
Re: OT: ApacheCon/Europe
On Wed, 18 Oct 2000, Perrin Harkins wrote: Gunther Birznieks wrote: Just wondering who all from mod_perl is going to ApacheCon/Europe next week and are there any plans to get together like there was at PerlCon. I'm going to be there. Some kind of get together would be cool. I'd like to hear about what other people are working on. Well there's nothing yet planned for Sunday night, how about we meet in some pub near the Olympia/Hilton ? -- Matt/ /||** Director and CTO ** //||** AxKit.com Ltd ** ** XML Application Serving ** // ||** http://axkit.org ** ** XSLT, XPathScript, XSP ** // \\| // ** Personal Web Site: http://sergeant.org/ ** \\// //\\ // \\
[OT] uploaded files and multi-paged forms
How do you handle uploading files when using multi-paged forms (for example entered text and a picture are previewed before storing into the database and special directory)? Uploaded files can't be passed as hidden fields, right? So do you let your users to upload the same file several times and then delete the temporary files with a cron job? Another annoying thing is, that the file upload field is non-sticky (its value gets cleared - at least in Netscape) and also that the user could upload a different file at the last page of form (okay, I could probably use Digest::HMAC). Sorry for off-topic, but maybe someone has a good solution?
Re: [OT] uploaded files and multi-paged forms
On Thu, 19 Oct 2000, Alexander Farber (EED) wrote: How do you handle uploading files when using multi-paged forms (for example entered text and a picture are previewed before storing into the database and special directory)? Uploaded files can't be passed as hidden fields, right? So do you let your users to upload the same file several times and then delete the temporary files with a cron job? Not multiple times, but let them upload and store in a temp file, which you can store the filename as a hidden field. Use File::MkTemp to create the filenames. And delete temp files older than 60 minutes or so periodically. -- Matt/ /||** Director and CTO ** //||** AxKit.com Ltd ** ** XML Application Serving ** // ||** http://axkit.org ** ** XSLT, XPathScript, XSP ** // \\| // ** Personal Web Site: http://sergeant.org/ ** \\// //\\ // \\
images/static files (fwd)
Hi I know that one is supposed to use a plain httpd or possibly thttpd for delivering static content like images. That is however a problem if the images itself are subject to protection. One option is basic atuhentication, but than the user/password goes to the server for every image to GET. Using https would mean protection of the user/password but then the images get encrypted as well, where I only want some access protection and no plaintext passwords going to the server. Using autcookie, would involve the use of mod_perl again. I am a bit stuck here. Arnold
Re: [OT] uploaded files and multi-paged forms
Matt Sergeant wrote: On Thu, 19 Oct 2000, Alexander Farber (EED) wrote: How do you handle uploading files when using multi-paged forms (for example entered text and a picture are previewed before storing into the database and special directory)? Uploaded files can't be passed as hidden fields, right? So do you let your users to upload the same file several times and then delete the temporary files with a cron job? Not multiple times, but let them upload and store in a temp file, which you can store the filename as a hidden field. Use File::MkTemp to create the filenames. And make sure you check its validity, so people can't start probing other parts of your file system. -- Tim Sweetman A L Digital "we will fix it, we will mend it" --- the mice, _Bagpuss_
Re: [OT] uploaded files and multi-paged forms
Matt Sergeant wrote: Not multiple times, but let them upload and store in a temp file, which you can store the filename as a hidden field. Use File::MkTemp to create the filenames. Thanks for the advice, but doesn't File::MkTemp have a race condition? The subroutine File::MkTemp::mktemp does following (comments are mine): $keepgen = 1; while ($keepgen){ # generate a random file name and put it into $template if ($dir){ $lookup = File::Spec-catfile($dir, $template); $keepgen = 0 unless (-e $lookup); # isn't it a race? }else{ $keepgen = 0;# here it doesn't even check -e } next if $keepgen == 0; # also, why this check? } return($template); This looks as a bad quality module to me or am I awfully wrong? (CC: Travis, please don't take it personally)
Re: [OT] uploaded files and multi-paged forms
On Thu, 19 Oct 2000, Alexander Farber (EED) wrote: Matt Sergeant wrote: Not multiple times, but let them upload and store in a temp file, which you can store the filename as a hidden field. Use File::MkTemp to create the filenames. Thanks for the advice, but doesn't File::MkTemp have a race condition? The subroutine File::MkTemp::mktemp does following (comments are mine): $keepgen = 1; while ($keepgen){ # generate a random file name and put it into $template if ($dir){ $lookup = File::Spec-catfile($dir, $template); $keepgen = 0 unless (-e $lookup); # isn't it a race? }else{ $keepgen = 0;# here it doesn't even check -e } next if $keepgen == 0; # also, why this check? } return($template); This looks as a bad quality module to me or am I awfully wrong? Its only insecure if you don't use sysopen($fh, $newname, O_RDWR | O_EXCL | O_CREAT) (and then get a new filename if that failed 'cos the file existed). File::Temp is a slightly more secure alternative, doing the above line for you. You should also take an MD5 hash of the contents of the file to ensure they don't change in the lifetime of the request. Sorry, but I don't mention these things because they are obvious to me these days. -- Matt/ /||** Director and CTO ** //||** AxKit.com Ltd ** ** XML Application Serving ** // ||** http://axkit.org ** ** XSLT, XPathScript, XSP ** // \\| // ** Personal Web Site: http://sergeant.org/ ** \\// //\\ // \\
Re: [OT] uploaded files and multi-paged forms
Matt Sergeant wrote: Its only insecure if you don't use sysopen($fh, $newname, O_RDWR | O_EXCL | O_CREAT) (and then get a new filename if that failed 'cos the file existed). Well, then at least the subroutines mkstempt and mkstemp are insecure, since they call (funny, the comment below is by the File::MkTemp-author): $fh = new FileHandle "$openup"; #and say ahhh.
RE: possible bug in mod_perl 1.24_01
-Original Message- From: Michael J Schout [mailto:[EMAIL PROTECTED]] Sent: Wednesday, October 18, 2000 2:54 PM To: [EMAIL PROTECTED] Subject: Re: possible bug in mod_perl 1.24_01 I should also have mentioned: I am using perl 5.6.0, Linux 2.2.x I have the same config and don't have any problems... however, from the debug output, it looks to me like it is the Include directive that is mucking things up... `@Include' directive is TAKE1, (1 elements) default: iterating over @Include handle_command (Include "/nis.home/mschout/dev/gkgdrs/gkgnsi/conf/httpd.conf"): loading perl module 'Apache'...ok `@Include' directive is TAKE1, (0 elements) default: iterating over @Include perl_section: /Directory `@Include' directive is TAKE1, (0 elements) default: iterating over @Include perl_section: /Directory ...etc are any of your configuration files a directory? 1.3.14 will now recurse through any config files that are directories and process all the files within... maybe that is going awry somehow? I suppose my suggestion might be to start stripping down your config file to something basic and add stuff until the looping starts - not much help, I know, but... --Geoff I used the same perl / os for both apache1.3.12/mod_perl 1.24, and apache 1.3.14/mod_perl 1.24_01. Mike
RE: Mod_perl, DBI, and Postgres install procedures...
-Original Message- From: cbell [mailto:[EMAIL PROTECTED]] Sent: Wednesday, October 18, 2000 3:00 PM To: [EMAIL PROTECTED] Subject: Mod_perl, DBI, and Postgres install procedures... Does anyone have a set of procedures to install Mod_perl, Apache, Postgres, DBI, DBI.pm, and anything else needed to make Modperl talk to a postgres database. I'm new to Linux and Mod_perl, and I've followed all the setup procedures I can find to do this, but I still cannot get a database connection. I think I'm just missing a step somewhere, and if I can get the procedures on how to do this from start to finish from one source, I think I'll be allright. I've been piecing together all the information I've found on the Internet, but I'm not having any luck. Currently I'm receiving the error Can't locate object method "connect" via package "DBI" at /usr/lib/perl5/site_perl/5.005/Apache/DBI.pm in my error_log whenever I start up the apache server. looks like you didn't install DBI - it is different from Apache::DBI and does different things... I've tried installing using RPM's and using the source files, but I always end up with a similar error. install apache + mod_perl as per perl.apache.org/guide install DBI install DBD::Pg (optionally) install Apache::DBI HTH --Geoff Thanks in advance
A question on Macs
Hi, Earlier I posted a message on finding the value of 'keepalive' (defined in httpd.conf), for an individual request. Since I did not get a response I'm trying from a different angle. I am lead developer for a web application running on Stronghold/2.4.2 Apache/1.3.6 C2NetEU/2412 (Unix) mod_perl/1.21. Does anyone know or can anyone rule out a bug in the way Apache processes requests for Macs? Several of our sites have had tremendous problems with Macs accessing our webs. I want to rule out Apache, because turning off the keepalive directive seems to clear up some but not all of our problems. We're using: BrowserMatchNoCase mac nokeepalive I'm at a loss. Any help, information, links and/or help in ruling out Apache, would be greatly appreciated. Dana C. Chandler III e-Applications Developer
Turning off a perl handler in a particular directory
Good morning all, I have a couple of perl handlers (AccessHandler and Wrapper) running at the document root of my mod_perl server. I need to turn one of those handlers off in a lower level directory, but keep the other one running. Here's the relevant text from Apache's config file: FilesMatch "\.(htm|html|pl)$" PerlFixupHandler Carescout::AccessHandler /FilesMatch Location / SetHandler perl-script PerlHandler Carescout::Wrapper PerlSendHeader On Options ExecCGI /Location I tried setting the PerlHandler back to cgi-script (in the lower-level directory), but that did not turn the Wrapper handler off: Location /www/perl/htdocs/lower_level SetHandler cgi-script PerlHandler Carescout::AccessHandler /Location Any suggestions on how to do this? Thanks, Chris
Re: Turning off a perl handler in a particular directory
Chris Brooks ([EMAIL PROTECTED]) said something to this effect: I tried setting the PerlHandler back to cgi-script (in the lower-level directory), but that did not turn the Wrapper handler off: Location /www/perl/htdocs/lower_level That should probably be Directory. As written, it will do this for http://www.yourdomain.com/www/perl/htdocs/lower_level/ ... Or is that what you meant? (I.e., Is this a mistake in your email, your httpd.conf, or my assumptions?) SetHandler cgi-script PerlHandler Carescout::AccessHandler This is only relevant when the handler is perl-script. I would have imagined, completely without evidence of course, that this would have given you an error when Apache parsed the file. (Unless that was supposed to be PerlAccessHandler.) /Location (darren) -- Any technology indistinguishable from magic is insufficiently advanced.
[ANNOUNCE] Apache-DebugInfo-0.05
The URL http://morpheus.laserlink.net/~gyoung/modules/Apache-DebugInfo-0.05.tar.gz has entered CPAN as file: $CPAN/authors/id/G/GE/GEOFF/Apache-DebugInfo-0.05.tar.gz size: 9882 bytes md5: c02c9f2cd84a9e0629812ab717a36463 Apache::DebugInfo provides a per-server, per-directory, or OO interface into various bits of data that developers might be interested in on a per-request basis, such as the contents of any notes or pnotes, start of phase processing, headers, etc... ***this version requires at least mod_perl 1.2401 due to important changes in get/set handlers methods - failure to upgrade will cause grave problems with Apache::DebugInfo's get_handlers and mark_phases methods and probably cause your server to, uh, misbehave. Other than that, it has proven quite helpful for me at least :) new methods: dir_config() - display variables set by PerlSetVar and PerlAddVar get_handlers() - display the enabled handlers for this request mark_phases() - display the phase before executing any other handlers Changes: 0.05 10.19.2000 - added get_handlers() method and associated documentation - added dir_config() method and associated documentation - added mark_phases() method, associated internal functions, and documentation - made ip() and type() methods return 'ALL' if not set - changed names of internal methods to start with _ - modified internal methods - updated pod - minor code change thanks to Damian Conway --Geoff
Re: ApacheCon Sunday Pub Meet
It's even worse than that! 10:30pm on a Sunday... Matt Sergeant wrote: How about Harvey Floorbangers, from 7 till late. (erm, I think late might still be 11pm for england *sigh*)... "With a name like Harvey Floorbangers you'd expect this to be a cheesy theme bar with singing bar staff and signed guitars on the wall. Thankfully, this is actually a traditional English pub frequented by locals and visitors to the Olympia Exhibition Building across the road." Sound OK to everyone? (Stas, I'm sure they serve tomato juice too...:) -- Tim Sweetman A L Digital "we will fix it, we will mend it" --- the mice, _Bagpuss_
Re: ApacheCon Sunday Pub Meet
On Thu, 19 Oct 2000, Tim Sweetman wrote: It's even worse than that! 10:30pm on a Sunday... OK, then we have to head back to the Hilton (hotel bars are still allowed to be open late, right?) Of course my talk is on the Monday, maybe 10:30 would be a good thing. (what am I thinking!)... Matt Sergeant wrote: How about Harvey Floorbangers, from 7 till late. (erm, I think late might still be 11pm for england *sigh*)... "With a name like Harvey Floorbangers you'd expect this to be a cheesy theme bar with singing bar staff and signed guitars on the wall. Thankfully, this is actually a traditional English pub frequented by locals and visitors to the Olympia Exhibition Building across the road." Sound OK to everyone? (Stas, I'm sure they serve tomato juice too...:) -- Matt/ /||** Director and CTO ** //||** AxKit.com Ltd ** ** XML Application Serving ** // ||** http://axkit.org ** ** XSLT, XPathScript, XSP ** // \\| // ** Personal Web Site: http://sergeant.org/ ** \\// //\\ // \\
AARRRGH! The Apache Proxy is not transparent wrt cookies!
hi, after a lot of struggling, I finally set my multilayered apaches up, and now I find that the proxy is eating my cookies along the way... HEELP! I am proxying through mod_rewrite commands, if that actually makes a difference ... martin
ApacheCon Sunday Pub Meet
How about Harvey Floorbangers, from 7 till late. (erm, I think late might still be 11pm for england *sigh*)... "With a name like Harvey Floorbangers you'd expect this to be a cheesy theme bar with singing bar staff and signed guitars on the wall. Thankfully, this is actually a traditional English pub frequented by locals and visitors to the Olympia Exhibition Building across the road." Sound OK to everyone? (Stas, I'm sure they serve tomato juice too...:) -- Matt/ /||** Director and CTO ** //||** AxKit.com Ltd ** ** XML Application Serving ** // ||** http://axkit.org ** ** XSLT, XPathScript, XSP ** // \\| // ** Personal Web Site: http://sergeant.org/ ** \\// //\\ // \\
Re: ApacheCon Sunday Pub Meet
Matt Sergeant wrote: On Thu, 19 Oct 2000, Tim Sweetman wrote: It's even worse than that! 10:30pm on a Sunday... OK, then we have to head back to the Hilton (hotel bars are still allowed to be open late, right?) Hmm, not 100% on this one, but believe that hotel bars are only allowed to serve alcohol to their residents after that time. This is fine if you are all staying in the Hilton. I'm not. But then I live within a fairly short distance. :) -- Tim Sweetman A L Digital "we will fix it, we will mend it" --- the mice, _Bagpuss_
Re: ApacheCon Sunday Pub Meet
On Thu, 19 Oct 2000, Tim Sweetman wrote: Matt Sergeant wrote: On Thu, 19 Oct 2000, Tim Sweetman wrote: It's even worse than that! 10:30pm on a Sunday... OK, then we have to head back to the Hilton (hotel bars are still allowed to be open late, right?) Hmm, not 100% on this one, but believe that hotel bars are only allowed to serve alcohol to their residents after that time. This is fine if you are all staying in the Hilton. I'm not. But then I live within a fairly short distance. :) All back to your place then :-) -- Matt/ /||** Director and CTO ** //||** AxKit.com Ltd ** ** XML Application Serving ** // ||** http://axkit.org ** ** XSLT, XPathScript, XSP ** // \\| // ** Personal Web Site: http://sergeant.org/ ** \\// //\\ // \\
mod_perl handler and formats
Hi All I have a rather elementary setup [apache(1.3.12)/mod_perl(1.24)/perl(5.6.0)/rhat(6.1)] which allows user to request reports. My mod_perl handler retrieves the data from db2 and generates either a text or a pdf-based report which is written out to a file. The object that generates the report returns the full path of the file to the handler which converts it to a URI and sends a REDIRECT to the browser. This has been working as expected for about 6 months. Last week I added a new report, which is just a clone of the others (which are perl objects), and the text version sometimes fails to write the header on the first page. I've tried putting "local $- = 0" right before the report format is set up (which happens every time the report is run), but that shouldn't be necessary (and doesn't fix it). I now see in the mod_perl guide: CGI to mod_perl Porting. mod_perl Coding guidelines. Using format() and write() The interface to filehandles which are linked to variables with Perl's tie() function is not yet complete. The format() and write() functions are missing. If you configure Perl with sfio, write() and format() should work just fine. Otherwise you could use sprintf() to replace format(): ##.## becomes %2.2f and .## becomes %4.2f. Pad all strings with (" " x 80) before using, and set their length with: %.25s for a max 25 char string. Or prefix the string with (" " x 80) for right-justifying. Is this my problem? If not, does anyone have any suggestions as to where I might find the answer? I've been through most of my books and have not found any clues. TIA Bill
Re: AARRRGH! The Apache Proxy is not transparent wrt cookies!
* martin langhoff ([EMAIL PROTECTED]) [001019 11:51]: hi, after a lot of struggling, I finally set my multilayered apaches up, and now I find that the proxy is eating my cookies along the way... HEELP! I am proxying through mod_rewrite commands, if that actually makes a difference ... martin Proxied cookies work ok for me, and I'm using mod_rewrite commands as well. Are you setting the domain correctly so the browser knows to send the cookie to the light-server? Chris -- Chris Winters Senior Internet Developerintes.net [EMAIL PROTECTED] http://www.intes.net/ Integrated hardware/software solutions to make the Internet work for you.
Re: Turning off a perl handler in a particular directory
You're absolutely right, the mistake is mine. I have tried writing the config files a couple of ways: Location /store SetHandler cgi-script /Location and Directory /www/perl/htdocs/store SetHandler cgi-script /Directory I have not had luck in either case turning off the Wrapper handler. I did not encounter any errors in restarting the server with the PerlHandler Carescout::AccessHandler statement. Thoughts? Thanks, Chris darren chamberlain wrote: Chris Brooks ([EMAIL PROTECTED]) said something to this effect: I tried setting the PerlHandler back to cgi-script (in the lower-level directory), but that did not turn the Wrapper handler off: Location /www/perl/htdocs/lower_level That should probably be Directory. As written, it will do this for http://www.yourdomain.com/www/perl/htdocs/lower_level/ ... Or is that what you meant? (I.e., Is this a mistake in your email, your httpd.conf, or my assumptions?) SetHandler cgi-script PerlHandler Carescout::AccessHandler This is only relevant when the handler is perl-script. I would have imagined, completely without evidence of course, that this would have given you an error when Apache parsed the file. (Unless that was supposed to be PerlAccessHandler.) /Location (darren) -- Any technology indistinguishable from magic is insufficiently advanced. -- Chris Brooks Director of Technology CareScout.com phone: (781) 431-7033 x 342
maintaining state securely for authentication
Hi, I'm new to the group, and wonder if anyone would have a mod_perl (or even CGI) suggestion: I am writing an online application enabling users to create accounts, store information, and having the ability to edit/update information, provided it is under their username. All information (users, groups, data) will be stored via MySQL. The database is interfaced through a web application, using mod_perl and CGI (Perl). All users would initially have to login to the system to authenticate themselves. All updates, etc. done by the users would follow the login, so the username/password info would need to be maintain state throughout their session, while not giving away the information for potential abusers. Question 1: Apache authentication vs. form-based username/password query to MySQL? Pros/cons? Question 2: How can I enable users to updata/edit records in the system, through the web, while still knowing who they are (as per username/password login), over multiple pages throughout a session? I have found scenarios such as hotmail or monster.com good examples of what I want to accomplish. If anyone has some info, online explanations or suggestions to this, it would appreciated. Thanks alot ..Tom
Re: Turning off a perl handler in a particular directory
Chris Brooks ([EMAIL PROTECTED]) said something to this effect: You're absolutely right, the mistake is mine. I have tried writing the config files a couple of ways: Location /store SetHandler cgi-script /Location and Directory /www/perl/htdocs/store SetHandler cgi-script /Directory I have not had luck in either case turning off the Wrapper handler. I did not encounter any errors in restarting the server with the PerlHandler Carescout::AccessHandler statement. Thoughts? Looking at p. 444 of the Eagle book seems to indicate that this is right thing to do (see http://www.modperl.com/book/chapters/ch9.html#item_handler): # in httpd.conf: Perl package Apache::Reset::To::CGIScript; use Apache::Constants 'DECLINED'; sub handler { shift-handler('cgi-script'); return DECLINED; } /Perl Location /store PerlFixupHandler Apache::Reset::To::CGIScript /Location Good luck. (darren) -- If only God would give me some clear sign! Like making a large deposit in my name in a Swiss bank. -- Woody Allen
ANNOUNCE: Apache::ProxyStuff 0.09
Recent changes: 0.09 Wed Oct 18 23:36:00 2000 - Fixed a bug that added an additional HEAD tag when adding META tags - ProxyStuff now adds a BODY tag when the document does not contain one which should result in all pages receiving a header even if they are not syntacticly correct -FW: [EMAIL PROTECTED]- Date: Thu, 19 Oct 2000 18:06:13 +0200 From: PAUSE [EMAIL PROTECTED] To: Jason Bodnar [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: CPAN Upload: J/JB/JBODNAR/Apache-ProxyStuff-0.09.tar.gz The uploaded file Apache-ProxyStuff-0.09.tar.gz has entered CPAN as file: $CPAN/authors/id/J/JB/JBODNAR/Apache-ProxyStuff-0.09.tar.gz size: 6051 bytes md5: 76525bd499e69af57d427a26072e7793 No action is required on your part Request entered by: JBODNAR (Jason Bodnar) Request entered on: Thu, 19 Oct 2000 16:04:57 GMT Request completed: Thu, 19 Oct 2000 16:06:13 GMT Virtually Yours, Id: paused,v 1.69 2000/10/16 16:19:25 k Exp k --End of forwarded message- -- Jason Bodnar [EMAIL PROTECTED]
RE: maintaining state securely for authentication
1. Apache Authentication, using MySQL to authenticate, and use form based webpage with perl backend to query MySQL. 2. Once the directory is secured, you know who they are at all times by calling $ENV{REMOTE_USER} Charles Day IT Symix Systems, Inc. -Original Message- From: Kralidis, Tom [mailto:[EMAIL PROTECTED]] Sent: Thursday, October 19, 2000 11:52 AM To: '[EMAIL PROTECTED]' Subject: maintaining state securely for authentication Hi, I'm new to the group, and wonder if anyone would have a mod_perl (or even CGI) suggestion: I am writing an online application enabling users to create accounts, store information, and having the ability to edit/update information, provided it is under their username. All information (users, groups, data) will be stored via MySQL. The database is interfaced through a web application, using mod_perl and CGI (Perl). All users would initially have to login to the system to authenticate themselves. All updates, etc. done by the users would follow the login, so the username/password info would need to be maintain state throughout their session, while not giving away the information for potential abusers. Question 1: Apache authentication vs. form-based username/password query to MySQL? Pros/cons? Question 2: How can I enable users to updata/edit records in the system, through the web, while still knowing who they are (as per username/password login), over multiple pages throughout a session? I have found scenarios such as hotmail or monster.com good examples of what I want to accomplish. If anyone has some info, online explanations or suggestions to this, it would appreciated. Thanks alot ..Tom
installing mod_perl-1.24_01/apache_1.3.14/perl 5.004_04/solaris 5.6
Hi! I have been trying to install the subj combination for a couple of hours with no luck. After looking up Ken's archive, I decided to turn to the list for the help. I have gone exactly through the steps suggested in the apache readme file: $ gunzip apache_1.3.14.tar.gz | tar xvf - $ gunzip mod_perl-1.24_01.tar.gz | tar xvf - $ cd mod_perl-1.24_01 $ perl Makefile.PL APACHE_SRC=../apache_1.3.14/src \ DO_HTTPD=1 USE_APACI=1 \ EVERYTHING=1 (this reports no problems or versioning hints, and successfully completes) $ make This fails at httpd build stage, in the following way: cc -DSOLARIS2=260 -DMOD_PERL -DUSE_PERL_SSI -I/usr/local/include -I/opt/local/include -DNO_DL_NEEDED `./apaci`\ -o httpd buildmark.o modules.o modules/perl/libperl.a modules/standard/libstandard.a main/libmain.a ./os/unix/libos.a ap/libap.a -lsocket -lnsl-L/usr/local/lib -L/opt/local/lib /usr/local/lib/perl5/sun4-solaris/5.00404/auto/DynaLoader/DynaLoader.a -L/usr/local/lib/perl5/sun4-solaris/5.00404/CORE -lperl -lsocket -lnsl -ldl -lm -lc -lcrypt modules/perl/libperl.a(mod_perl.o): In function `perl_shutdown': mod_perl.o(.text+0xc8): undefined reference to `perl_destruct_level' mod_perl.o(.text+0xd4): undefined reference to `perl_destruct_level' mod_perl.o(.text+0xdc): undefined reference to `perl_destruct_level' mod_perl.o(.text+0xe0): undefined reference to `perl_destruct_level' mod_perl.o(.text+0xe4): undefined reference to `perl_destruct_level' modules/perl/libperl.a(mod_perl.o)(.text+0xe8): more undefined references to `perl_destruct_level' follow [suppressed more linker errors screenfuls] Table.o(.text+0x198): undefined reference to `tmps_floor' make[3]: *** [target_static] Error 1 make[3]: Leaving directory `/home/vassilii/src/apache_1.3.14/src' make[2]: *** [build-std] Error 2 make[2]: Leaving directory `/home/vassilii/src/apache_1.3.14' make[1]: *** [build] Error 2 make[1]: Leaving directory `/home/vassilii/src/apache_1.3.14' make: *** [apaci_httpd] Error 2 Any hints will be greatly appreciated! Vassilii
RE: maintaining state securely for authentication
Thanks for the tip, true $ENV{REMOTE_USER} is not set unless authenticated : As for the Apache authentication, is there an alternative method of making this happen other than the pop-up window? ie can I authenticate w/ Apache through a form? I thought of the form login so the script would login the individual, then output a page with the user's account info. Can I make the Apache authentication point to a CGI script which takes these args (index.html with a redirect to CGI?). A form-based login would enable picking up user information for custom post-login pages. Thanks ..Tom -Original Message- From: Charles Day [mailto:[EMAIL PROTECTED]] Sent: Thursday, October 19, 2000 12:16 PM To: 'Kralidis, Tom' Cc: '[EMAIL PROTECTED]' Subject: RE: maintaining state securely for authentication 1. Apache Authentication, using MySQL to authenticate, and use form based webpage with perl backend to query MySQL. 2. Once the directory is secured, you know who they are at all times by calling $ENV{REMOTE_USER} Charles Day IT Symix Systems, Inc. -Original Message- From: Kralidis, Tom [mailto:[EMAIL PROTECTED]] Sent: Thursday, October 19, 2000 11:52 AM To: '[EMAIL PROTECTED]' Subject: maintaining state securely for authentication Hi, I'm new to the group, and wonder if anyone would have a mod_perl (or even CGI) suggestion: I am writing an online application enabling users to create accounts, store information, and having the ability to edit/update information, provided it is under their username. All information (users, groups, data) will be stored via MySQL. The database is interfaced through a web application, using mod_perl and CGI (Perl). All users would initially have to login to the system to authenticate themselves. All updates, etc. done by the users would follow the login, so the username/password info would need to be maintain state throughout their session, while not giving away the information for potential abusers. Question 1: Apache authentication vs. form-based username/password query to MySQL? Pros/cons? Question 2: How can I enable users to updata/edit records in the system, through the web, while still knowing who they are (as per username/password login), over multiple pages throughout a session? I have found scenarios such as hotmail or monster.com good examples of what I want to accomplish. If anyone has some info, online explanations or suggestions to this, it would appreciated. Thanks alot ..Tom
RE: maintaining state securely for authentication
The best form based login uses Auth::Cookie. Since you're running MySQL, you'll want to grab AuthCookieDBI.pm too. It depends how much account information the user has. I have a page that a user can access that displays his access levels and explains the different access levels. The page grabs an ENV variable call TICKET, which I put into space when the user is authenticated. If the user has lots of information, you'll want to make the page a cgi script, have the directory secured, grab the ENV{REMOTE_USER}, then run another query to get and display his info. AuthCookie works similar to this instead of the popup window: https://trading.etrade.com/cgi-bin/gx.cgi/AppLogic+Loginpage But you don't need all of this to do what you're trying to do. Just write a cgi script, have the user put in who he is from a form, query the database, returning the results to the webpage. Or, secure the directory, and grab the ENV{REMOTE_USER} automatically, query the database, and display the results to the webpage. Hope this helps. Charles Day IT Symix Systems, Inc. -Original Message- From: Kralidis, Tom [mailto:[EMAIL PROTECTED]] Sent: Thursday, October 19, 2000 12:46 PM To: Charles Day Cc: '[EMAIL PROTECTED]' Subject: RE: maintaining state securely for authentication Thanks for the tip, true $ENV{REMOTE_USER} is not set unless authenticated : As for the Apache authentication, is there an alternative method of making this happen other than the pop-up window? ie can I authenticate w/ Apache through a form? I thought of the form login so the script would login the individual, then output a page with the user's account info. Can I make the Apache authentication point to a CGI script which takes these args (index.html with a redirect to CGI?). A form-based login would enable picking up user information for custom post-login pages. Thanks ..Tom -Original Message- From: Charles Day [mailto:[EMAIL PROTECTED]] Sent: Thursday, October 19, 2000 12:16 PM To: 'Kralidis, Tom' Cc: '[EMAIL PROTECTED]' Subject: RE: maintaining state securely for authentication 1. Apache Authentication, using MySQL to authenticate, and use form based webpage with perl backend to query MySQL. 2. Once the directory is secured, you know who they are at all times by calling $ENV{REMOTE_USER} Charles Day IT Symix Systems, Inc. -Original Message- From: Kralidis, Tom [mailto:[EMAIL PROTECTED]] Sent: Thursday, October 19, 2000 11:52 AM To: '[EMAIL PROTECTED]' Subject: maintaining state securely for authentication Hi, I'm new to the group, and wonder if anyone would have a mod_perl (or even CGI) suggestion: I am writing an online application enabling users to create accounts, store information, and having the ability to edit/update information, provided it is under their username. All information (users, groups, data) will be stored via MySQL. The database is interfaced through a web application, using mod_perl and CGI (Perl). All users would initially have to login to the system to authenticate themselves. All updates, etc. done by the users would follow the login, so the username/password info would need to be maintain state throughout their session, while not giving away the information for potential abusers. Question 1: Apache authentication vs. form-based username/password query to MySQL? Pros/cons? Question 2: How can I enable users to updata/edit records in the system, through the web, while still knowing who they are (as per username/password login), over multiple pages throughout a session? I have found scenarios such as hotmail or monster.com good examples of what I want to accomplish. If anyone has some info, online explanations or suggestions to this, it would appreciated. Thanks alot ..Tom
Why Does restart/gracefull makes httpd grow ?
Hi, I recently upgraded our servers to mod_perl 1.24.1 so I decided to give DSO mod_perl a try. And it now works perfectly, even with our perl modules implementing core httpd configuration directives (Wich was broken under DSO until 24.1) So, I decided to start playing with restart/graceful too, thinking that DSO might solve the problems of cleanly restarting a mod_perl server without loss of service... Here is a bit of top while restarting my server a few times : #INITIAL STARTUP PID USER PRI NI SIZE SWAP RSS SHARE STAT LIB %CPU %MEM TIME COMMAND 17940 nobody10 0 275920 26M 27376 S 0 0.0 2.6 0:00 /usr/local/apache/bin/httpd -Dhttpd_perl 17941 nobody10 0 275920 26M 27376 S 0 0.0 2.6 0:00 /usr/local/apache/bin/httpd -Dhttpd_perl 17942 nobody10 0 275920 26M 27376 S 0 0.0 2.6 0:00 /usr/local/apache/bin/httpd -Dhttpd_perl 17943 nobody10 0 275920 26M 27376 S 0 0.0 2.6 0:00 /usr/local/apache/bin/httpd -Dhttpd_perl 17944 nobody10 0 275920 26M 27380 S 0 0.0 2.6 0:00 /usr/local/apache/bin/httpd -Dhttpd_perl 17939 root 10 0 275160 26M 27312 S 0 0.0 2.6 0:01 /usr/local/apache/bin/httpd -Dhttpd_perl #RESTART #1 17971 nobody 5 0 401160 39M 39888 S 0 0.0 3.8 0:00 /usr/local/apache/bin/httpd -Dhttpd_perl 17972 nobody 7 0 401160 39M 39888 S 0 0.0 3.8 0:00 /usr/local/apache/bin/httpd -Dhttpd_perl 17973 nobody 9 0 401160 39M 39888 S 0 0.0 3.8 0:00 /usr/local/apache/bin/httpd -Dhttpd_perl 17974 nobody10 0 401160 39M 39888 S 0 0.0 3.8 0:00 /usr/local/apache/bin/httpd -Dhttpd_perl 17975 nobody10 0 401160 39M 39888 S 0 0.0 3.8 0:00 /usr/local/apache/bin/httpd -Dhttpd_perl 17961 root 10 0 400400 39M 39816 S 0 0.0 3.8 0:03 /usr/local/apache/bin/httpd -Dhttpd_perl #RESTART #2 17980 nobody 6 0 526400 51M 52404 S 0 0.6 5.0 0:00 /usr/local/apache/bin/httpd -Dhttpd_perl 17981 nobody13 0 526400 51M 52404 S 0 0.2 5.0 0:00 /usr/local/apache/bin/httpd -Dhttpd_perl 17982 nobody16 0 526400 51M 52404 S 0 0.0 5.0 0:00 /usr/local/apache/bin/httpd -Dhttpd_perl 17983 nobody18 0 526400 51M 52404 S 0 0.0 5.0 0:00 /usr/local/apache/bin/httpd -Dhttpd_perl 17984 nobody19 0 526400 51M 52404 S 0 0.0 5.0 0:00 /usr/local/apache/bin/httpd -Dhttpd_perl 17961 root 19 0 525600 51M 52332 S 0 41.1 5.0 0:05 /usr/local/apache/bin/httpd -Dhttpd_perl [...] #RESTART #5 18007 nobody 8 0 902040 88M 89976 S 0 7.1 8.7 0:00 /usr/local/apache/bin/httpd -Dhttpd_perl 18008 nobody 9 0 902040 88M 89976 S 0 0.0 8.7 0:00 /usr/local/apache/bin/httpd -Dhttpd_perl 18009 nobody10 0 902040 88M 89976 S 0 2.3 8.7 0:00 /usr/local/apache/bin/httpd -Dhttpd_perl 18010 nobody11 0 902040 88M 89976 S 0 4.7 8.7 0:00 /usr/local/apache/bin/httpd -Dhttpd_perl 18011 nobody15 0 902040 88M 89976 S 0 0.0 8.7 0:00 /usr/local/apache/bin/httpd -Dhttpd_perl 17961 root 15 0 901280 88M 89908 S 0 57.2 8.6 0:11 /usr/local/apache/bin/httpd -Dhttpd_perl And everything apparently behaves fine and keeps on working, but my main question is where is the 12Mb that adds to each process on restart comes from ? What is hapenning ? I know these issues have been brought before in the case of statically compiled-in mod_perl, but doesn't restarting the server freeing libperl.so and re-loading it freshly ? Any information would be more than welcome ... ## My version info is : Redhat 6.2 running on a i386 Linux 2.2.17 Server version: Apache/1.3.14 (Unix) Server built: Oct 18 2000 14:00:36 perl5 (5.0 patchlevel 5 subversion 3) mod_perl 1.24.1 /usr/local/apache/bin/httpd -l Compiled-in modules: http_core.c mod_so.c -- +---+ | Philippe M. Chiasson [EMAIL PROTECTED] | | SmartWorker http://www.smartworker.org| | IM : gozerhbe ICQ : gozer/18279998 | +---+ /* * Hash table gook.. */ -- Linux2.4.0-test2 /usr/src/linux/fs/buffer.c perl -e '$$=\${gozer};{$_=unpack(P26,pack(L,$$));/^Just Another Perl Hacker!\n$/print||$$++redo}' PGP signature
Exiting a module
OK, I can't find the answer to this in the docs, so I will try here. Relevant info: Solaris 8 (the following were all built with gcc 2.95.2 from sunfreeware.com) perl 5.6.0 mod_perl 1.24 Apache 1.3.12 In my Module, I have an error-displaying sub, as I trap all the errors myself. My current code looks something like this: (this is in a sub called from the handler() sub) if (! ($sth = $dbh-prepare_cached($sql))) { my_error_prnt(...); return; } This works fine. The my_error_prnt() sub is using the CGI module to output a nice HTML page, with some error messages passed to it. I then return to this sub, then return to the handler(), which then "falls out" through my code. However, if I try to put an Apache::exit() at the end of my_error_prnt, I get a server error, and the error log only says "error at line 202" line 202 has the Apache::exit call. I want to do this so I can code all my error traps like this: my_error_prnt() unless ($sth = $dbh-prepare_cached($sql)); And get rid of all the loops that need to exist just for a "return;" statement I have also tried with Apache::exit(Apache::Constants::OK), but no difference. Any ideas on how I can do this?? David McCabe Unix System Administrator Le Groupe Videotron [EMAIL PROTECTED] (514) 380 4433 "Serving children is our specialty. Approximate time to prepare: 45 minutes." Sign in Jack Astors resto/pub
Re: Exiting a module
At 02:19 PM 10/19/00 -0400, David McCabe wrote: However, if I try to put an Apache::exit() at the end of my_error_prnt, I get a server error, and the error log only says "error at line 202" line 202 has the Apache::exit call. This was fixed in 1.24_01, I believe. Bill Moseley mailto:[EMAIL PROTECTED]
Re: Exiting a module
From: Bill Moseley [EMAIL PROTECTED] Date: Thu, 19 Oct 2000 11:24:23 -0700 Subject: Re: Exiting a module To: [EMAIL PROTECTED] (David McCabe), [EMAIL PROTECTED] At 02:19 PM 10/19/00 -0400, David McCabe wrote: However, if I try to put an Apache::exit() at the end of my_error_prnt, I get a server error, and the error log only says "error at line 202" line 202 has the Apache::exit call. This was fixed in 1.24_01, I believe. Hope so, I started downloading the new mod_perl just before sending that last email, and I will try it out later. Thanx. David McCabe Unix System Administrator Le Groupe Videotron [EMAIL PROTECTED] (514) 380 4433 "Serving children is our specialty. Approximate time to prepare: 45 minutes." Sign in Jack Astors resto/pub
Re: Why Does restart/gracefull makes httpd grow ?
On Thu, Oct 19, 2000 at 01:55:50PM -0400, Philippe M. Chiasson wrote: Hi, I recently upgraded our servers to mod_perl 1.24.1 so I decided to give DSO mod_perl a try. And it now works perfectly, even with our perl modules implementing core httpd configuration directives (Wich was broken under DSO until 24.1) So, I decided to start playing with restart/graceful too, thinking that DSO might solve the problems of cleanly restarting a mod_perl server without loss of service... Here is a bit of top while restarting my server a few times : [] I've found that mod_so combined with Perl's dynamic loading causes this memory leakage. I ended up compiling apache without mod_so (i.e. all modules compiled in static, no DSO) and I do not see this memory leakage at all. And everything apparently behaves fine and keeps on working, but my main question is where is the 12Mb that adds to each process on restart comes from ? What is hapenning ? I know these issues have been brought before in the case of statically compiled-in mod_perl, but doesn't restarting the server freeing libperl.so and re-loading it freshly ? Any information would be more than welcome ... ## My version info is : Redhat 6.2 running on a i386 Linux 2.2.17 Server version: Apache/1.3.14 (Unix) Server built: Oct 18 2000 14:00:36 perl5 (5.0 patchlevel 5 subversion 3) mod_perl 1.24.1 /usr/local/apache/bin/httpd -l Compiled-in modules: http_core.c mod_so.c -- +---+ | Philippe M. Chiasson [EMAIL PROTECTED] | | SmartWorker http://www.smartworker.org| | IM : gozerhbe ICQ : gozer/18279998 | +---+ /* * Hash table gook.. */ -- Linux2.4.0-test2 /usr/src/linux/fs/buffer.c perl -e '$$=\${gozer};{$_=unpack(P26,pack(L,$$));/^Just Another Perl Hacker!\n$/print||$$++redo}' -- Paul Lindner [EMAIL PROTECTED] Red Hat Inc.
Make error...
Just downloaded the latest apache_1.3.14 and mod_perl-1.24 and receive an error when trying to process the following: perl Makefile.PL \ APACHE_PREFIX=/usr/local/apache \ APACHE_SRC=/temp/apache_1.3.14/src \ DO_HTTPD=1 \ USE_APACI=1 \ EVERYTHING=1 \ The error states that I must be using apache version 1.3.0??? What gives? tia, tm
RE: Make error...
There's a bug in src/include/httpd.h Quick patch: [root@jedi mod_perl-1.24] # cp /usr/local/src/apache_1.3.14/src/include/httpd.h /usr/local/src/apache_1.3.14/src/include/httpd.h.BAK [root@jedi mod_perl-1.24] # vi +433 !$:r #define SERVER_BASEVENDOR "Apache Group" #define SERVER_BASEPRODUCT "Apache" #define SERVER_BASEREVISION "1.3.14" /* TK CHANGE: mod_perl don't like this line for some reason */ /*#define SERVER_BASEVERSION SERVER_BASEPRODUCT "/" SERVER_BASEREVISION */ /* so I changed it to this */ #define SERVER_BASEVERSION "Apache/1.3.14" or grab v1.24_01. ..Tom -Original Message- From: Todd McGuinness [mailto:[EMAIL PROTECTED]] Sent: Thursday, October 19, 2000 4:57 PM To: [EMAIL PROTECTED] Subject: Make error... Just downloaded the latest apache_1.3.14 and mod_perl-1.24 and receive an error when trying to process the following: perl Makefile.PL \ APACHE_PREFIX=/usr/local/apache \ APACHE_SRC=/temp/apache_1.3.14/src \ DO_HTTPD=1 \ USE_APACI=1 \ EVERYTHING=1 \ The error states that I must be using apache version 1.3.0??? What gives? tia, tm
RE: Make error...
FAQ of the week o Using mod_perl with Apache 1.3.14 requires an upgrade to 1.24-01 (or some hacking around). Get the latest version from the mod_perl distribution page HTH --Geoff -Original Message- From: Todd McGuinness [mailto:[EMAIL PROTECTED]] Sent: Thursday, October 19, 2000 4:57 PM To: [EMAIL PROTECTED] Subject: Make error... Just downloaded the latest apache_1.3.14 and mod_perl-1.24 and receive an error when trying to process the following: perl Makefile.PL \ APACHE_PREFIX=/usr/local/apache \ APACHE_SRC=/temp/apache_1.3.14/src \ DO_HTTPD=1 \ USE_APACI=1 \ EVERYTHING=1 \ The error states that I must be using apache version 1.3.0??? What gives? tia, tm
RE: installing mod_perl-1.24_01/apache_1.3.14/perl 5.004_04/solaris 5 .6
Further search in the excellent modperl guide by Stas Bekman at http://perl.apache.org/guide/install.html#Undefined_reference_to_PL_perl_ suggested a clue for this problem: This happens when you have Perl built statically linked, with no shared libperl.a. Build a dynamically linked Perl (with libperl.a) and the problem will disappear. Don't I actually have dynalink support in my perl if perl -V says Linker and Libraries: ld='cc', ldflags =' -L/usr/local/lib -L/opt/local/lib' libpth=/usr/local/lib /opt/local/lib /lib /usr/lib /usr/ccs/lib libs=-lsocket -lnsl -ldl -lm -lc -lcrypt libc=/lib/libc.so, so=so useshrplib=false, libperl=libperl.a Dynamic Linking: dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags=' ' cccdlflags='-Kpic', lddlflags='-G -L/usr/local/lib -L/opt/local/lib' and also the libperl.a is there: /usr/local/lib/perl5/sun4-solaris/5.00404/CORE/libperl.a And, also, to make it 100% sure, I ensured that /usr/local/lib/perl5/sun4-solaris/5.00404/CORE/ is on the httpd's LD_LIBRARY_PATH :-( Vassilii -Original Message- From: Khachaturov, Vassilii Sent: Thursday, October 19, 2000 12:29 PM To: '[EMAIL PROTECTED]' Subject: installing mod_perl-1.24_01/apache_1.3.14/perl 5.004_04/solaris 5 .6 Hi! I have been trying to install the subj combination for a couple of hours with no luck. After looking up Ken's archive, I decided to turn to the list for the help. I have gone exactly through the steps suggested in the apache readme file: ... $ perl Makefile.PL APACHE_SRC=../apache_1.3.14/src \ DO_HTTPD=1 USE_APACI=1 \ EVERYTHING=1 (this reports no problems or versioning hints, and successfully completes) $ make This fails at httpd build stage, in the following way: [see http://forum.swarthmore.edu/epigone/modperl/brelfrermlal ]
RE: Make error...
-Original Message- From: Kralidis, Tom [mailto:[EMAIL PROTECTED]] Sent: Thursday, October 19, 2000 3:03 PM To: '[EMAIL PROTECTED]'; [EMAIL PROTECTED] Subject: RE: Make error... There's a bug in src/include/httpd.h just to be straight, it's not a bug in Apache or mod_perl http://archive.covalent.net/modperl-cvs/2000/06/0009.xml note the change to accommodate apache was added to cvs in june... --Geoff Quick patch: [root@jedi mod_perl-1.24] # cp /usr/local/src/apache_1.3.14/src/include/httpd.h /usr/local/src/apache_1.3.14/src/include/httpd.h.BAK [root@jedi mod_perl-1.24] # vi +433 !$:r #define SERVER_BASEVENDOR "Apache Group" #define SERVER_BASEPRODUCT "Apache" #define SERVER_BASEREVISION "1.3.14" /* TK CHANGE: mod_perl don't like this line for some reason */ /*#define SERVER_BASEVERSION SERVER_BASEPRODUCT "/" SERVER_BASEREVISION */ /* so I changed it to this */ #define SERVER_BASEVERSION "Apache/1.3.14" or grab v1.24_01. ...Tom -Original Message- From: Todd McGuinness [mailto:[EMAIL PROTECTED]] Sent: Thursday, October 19, 2000 4:57 PM To: [EMAIL PROTECTED] Subject: Make error... Just downloaded the latest apache_1.3.14 and mod_perl-1.24 and receive an error when trying to process the following: perl Makefile.PL \ APACHE_PREFIX=/usr/local/apache \ APACHE_SRC=/temp/apache_1.3.14/src \ DO_HTTPD=1 \ USE_APACI=1 \ EVERYTHING=1 \ The error states that I must be using apache version 1.3.0??? What gives? tia, tm
Re: Exiting a module
From: [EMAIL PROTECTED] (David McCabe) Subject: Re: Exiting a module From: Bill Moseley [EMAIL PROTECTED] Subject: Re: Exiting a module At 02:19 PM 10/19/00 -0400, David McCabe wrote: However, if I try to put an Apache::exit() at the end of my_error_prnt, I get a server error, and the error log only says "error at line 202" line 202 has the Apache::exit call. This was fixed in 1.24_01, I believe. Hope so, I started downloading the new mod_perl just before sending that last email, and I will try it out later. Thanx. OK, I got the new mod_perl, and at the same time upgraded to Apache 1.3.14, and all is well again. Thanx. :) David McCabe Unix System Administrator Le Groupe Videotron [EMAIL PROTECTED] (514) 380 4433 "Serving children is our specialty. Approximate time to prepare: 45 minutes." Sign in Jack Astors resto/pub
[OT] Will a cookie traverse ports in the same domain?
hi, this HTTP protocol (definition and actual implementation) question is making me mad. Will (and should) a cookie be valid withing the same host/domain/subdirectory when changing PORT numbers? All my cookies have stopped working as soon as I've set my mod_perl apache on a high port with a proxying apache in port 80 [ see thread "AARRRGH! The Apache Proxy is not transparent wrt cookies!" ] martin
Re: ApacheCon Sunday Pub Meet
On Thu, 19 Oct 2000, Matt Sergeant wrote: How about Harvey Floorbangers, from 7 till late. (erm, I think late might still be 11pm for england *sigh*)... "With a name like Harvey Floorbangers you'd expect this to be a cheesy theme bar with singing bar staff and signed guitars on the wall. Thankfully, this is actually a traditional English pub frequented by locals and visitors to the Olympia Exhibition Building across the road." Sound OK to everyone? (Stas, I'm sure they serve tomato juice too...:) I make that. I'll bring a couple of co-workers too. We're also staying in the Hilton Olympia, incidentally. - Perrin
Re: [OT] Will a cookie traverse ports in the same domain?
According to martin langhoff: this HTTP protocol (definition and actual implementation) question is making me mad. Will (and should) a cookie be valid withing the same host/domain/subdirectory when changing PORT numbers? I think this depends on the browser (and its version number). However if you set up your front end proxy correctly it should be completely invisible and the client browser should never see a different hostname or port and cookies should continue to work. All my cookies have stopped working as soon as I've set my mod_perl apache on a high port with a proxying apache in port 80 [ see thread "AARRRGH! The Apache Proxy is not transparent wrt cookies!" ] Be sure that you have set a ProxyPassReverse to match anything that can be proxied even if you are using rewriterules to do the actual proxy setup. This will make the proxy server fix any redirects that mention the backend port or location (if different). You also need to make sure you aren't mentioning the local port in your own perl code or generating links that show it. If the port number shows up in your browser location window, you have something wrong. Les Mikesell [EMAIL PROTECTED]
Re: [OT] Will a cookie traverse ports in the same domain?
martin langhoff [EMAIL PROTECTED] writes: hi, this HTTP protocol (definition and actual implementation) question is making me mad. Will (and should) a cookie be valid withing the same host/domain/subdirectory when changing PORT numbers? All my cookies have stopped working as soon as I've set my mod_perl apache on a high port with a proxying apache in port 80 [ see thread "AARRRGH! The Apache Proxy is not transparent wrt cookies!" ] martin It would help if you post both the piece of httpd.conf that has your Proxy* directives on your light server, as well as the VirtualHost.../VirtualHost block from the heavy server's config file. Otherwise you could try running % tcpdump -i eth0 -l -s 1500 -w - port 80 or port 8080 | strings /tmp/http (the flags above probably need adjustment) on your server to examine the http headers and see where the cookies get dropped. Pay attention to the "Host" and "Cookie" lines. -- Joe Schaefer SunStar Systems, Inc.
Localized ht_time?
Hi All, Does anyone know if there is a way to get Apache::Util::ht_time() to correctly format times based on the time zone in $ENV{TZ} the way that POSIX::strftime() does? How 'bout getting it to use the correct language the way POSIX::setlocale() makes POSIX::strftime() format in the correct language? TIA! David -- David E. Wheeler Software Engineer Salon Internet ICQ: 15726394 [EMAIL PROTECTED] AIM: dwTheory
Re[2]: [OT] Will a cookie traverse ports in the same domain?
I'm sure this is not the right way grin, but I had this problem a while ago, and ended up manually setting the domain of the cookie to null/undef. I use cgi.pm to set the cookie, as follows. Note that where $q is a CGI.pm object reference. This is code extracted from an app framework running under registry, so it is not complete nor correct by any means, but should give an idea of the approach ... my $cookies = [ $q-cookie(-name='CookieName',-value='CookieValue',-path='/') ]; $cookies-[0]-{domain} = undef; and then later on print $self-cgi-header(-cookie=$cookies,-type="text/html; charset=iso-8859-1"); I seems that CGI.pm-cookie() method was, at least for me at the time, forcing/defaulting the domain name of the cookie to be that of the server. When I set it to undef, it the browser then associated it with the current server, which was the proxy. Of course, I might be dead wrong about the why, but I know it works for me. I have my mod_perl server running on a high port (bound to localhost), and my stronghold proxy on port 80 (bound to the published IP), which is similar to the described configuration. Of course, this is probably not the "right" way, but it worked/works for me (until someone suggests a better one ...) Brgds, Mike.
Re[2]: [OT] Will a cookie traverse ports in the same domain?
I'm sure this is not the right way grin, but I had this problem a while ago, and ended up manually setting the domain of the cookie to null/undef. I use cgi.pm to set the cookie, as follows. Note that where $q is a CGI.pm object reference. This is code extracted from an app framework running under registry, so it is not complete nor correct by any means, but should give an idea of the approach ... my $cookies = [ $q-cookie(-name='CookieName',-value='CookieValue',-path='/') ]; $cookies-[0]-{domain} = undef; and then later on print $self-cgi-header(-cookie=$cookies,-type="text/html; charset=iso-8859-1"); I seems that CGI.pm-cookie() method was, at least for me at the time, forcing/defaulting the domain name of the cookie to be that of the server. When I set it to undef, it the browser then associated it with the current server, which was the proxy. Of course, I might be dead wrong about the why, but I know it works for me. I have my mod_perl server running on a high port (bound to localhost), and my stronghold proxy on port 80 (bound to the published IP), which is similar to the described configuration. Of course, this is probably not the "right" way, but it worked/works for me (until someone suggests a better one ...) Brgds, Mike.
Re: Localized ht_time?
"David E. Wheeler" wrote: Hi All, Does anyone know if there is a way to get Apache::Util::ht_time() to correctly format times based on the time zone in $ENV{TZ}... It does. Duh! Please ignore my spam. David
MyClass::import() not being called.
Good evening all, I've got this happy little access handler that works just fine. Now I need for it to accept parameters through import(). The catch is that MyClass::import() isn't being called. I've done all of the obvious stuff, like including lots of debugging messages, reading the docs, reading the Apache modules book, and even searching the archives for this list, no help. Does anybody know what's happening here? Rodney Broom