Re: OT: Is there a general question apache mailing list?
Do you have Includes enabled in the Options for the directory that has your .shtml files? (http://www.apache.org/docs/mod/mod_include.html) "Olsen, James" wrote: > > Hello list, > > I have apache 1.3.6 with mod_perl 1.21 installed. I've been using it > without any problems for a long time, and I've now reach a point where I'd > like to use server side includes like > > Normally, on other web sites this is a painless procedure. The httpd.conf > is pretty much unmodified as it came with the distribution, except I > uncommented these lines: > > AddType text/html shtml > AddHandler server-parsed shtml > > And for htdocs AllowOverride is set to All > > I've also tried adding these lines, and many variations to the .htaccess. > When I view a page, the SSI code is still in the document, as if the server > didn't process it at all. > > I'm at a loss for what might be wrong - the "Apache: The Definitive Guide" > book I have makes it sound like there are no build-time configuration > options that need to be selected- it seems like this is default behavior to > expect. > > As an update, I've downloaded Apache 1.3.9 and rebuilt my entire server, > and the new server has the exact same problem.. My server-info says > mod_include.c is installed and handling content for > text/x-server-parsed-html , text/x-server-parsed-html3 , server-parsed , > text/html.. But SSI statements aren't being processed - they are still in > the HTML code that is delivered to the browser. I'm at wits' end. > > I would like to post this question on a Apache mailing list because I can > seem to find the answer on the apache web site, this apache book, or by > searching the web. > > Does anyone know of any Apache mailing lists? > > Thanks for listening... -- Eugene
Re: authentication via login form
Many thanks to all who replied. 1. I think I can summarize the responses so far as boiling down to how I do session management (hidden fields, URL mangling, cookies) and that I will have to develop my own authentication mechanism. (The reason I hoped there might be a solution using Apache's standard authentication mechanism is because users with login credentials will also be able to access a message board which which uses Basic authentication to validate them). 2. URL-based sessions are tempting (work with cookie-less browsers), but seem a headache to implement site-wide, tho it might just be my inexperience with them speaking here. 3. I am going to be using HTML::Mason for this site, so I will probably use Apache::Session for session management with cookies. By the way, the article that Jeffrey pointed me to (http://www.modperl.com/book/chapters/ch6.html#Cookie_Based_Access_Control) is very interesting - I ordered a copy of the book after reading it. Thanks again. -- Eugene
authentication via login form
I'd like to authenticate users via a login form (username, password text fields) instead of using the standard dialog box a browser pops up in response to a 401 response code. Can this be done while still using Apache's authentication mechanism? I understand that authentication happens in 2 passes: first the server sends back a 401 and WWW-Authenticate header in response to a request for a resource in a protected directory. Then the browser pops up a dialog box, collects the entered information (user/password) and sends it back Base64 encoded to the server in an Authorization header. If the authentication succeeds, the browser returns the page and remembers the authentication info for subsequent requests for resources in the same directory or directories under it. While I could collect the username/passwd from the form fields, encode them and pass them to the server, I can't figure out how to make the browser remember the credentials for all other pages under the protected directory. Any ideas much appreciated. -- Eugene
