RE: Convert Cookies--HTTP Request Headers?

2003-04-06 Thread Kruse, Matt 
Title: RE: Convert Cookies--HTTP Request Headers?





From: Brian Reichert
Ok, I'm confused: the cookies are already in the request header,
and you want to 'convert' them into a request header?


Well, yes. Two reasons:
1) In the real production environment, the cookie is encrypted and validated against a database with each request. My app knows nothing about the cookie. All it ever sees is the request headers.

2) I wanted to use a cookie simply because it's the easiest way to dynamically control the contents of the headers to be sent, and the easiest way I could think of that would work with a login page.

I assumed people would think it was an odd request, but it does make sense :)


From: Juha-Mikko Ahonen
Why name NAME to HTTP_NAME? Or do you want the cookie content to appear
in subprocess environment (which has similar naming convention), like
other server variables?


Actually, this was an oversight, I'm used to CGI!!


 2. Writing some sample code :)
package Your::SSOHandler;


Thank you! This is exactly the kind of example I needed. Will test ASAP, and adjust to fit my specific needs. I'm quite familiar with Perl, it's mainly the API's that I'm clueless about. Your code makes sense and at least points me in exactly the right direction.

For testing you could make the handler module stat and evaluate contents
of an external Perl file. Put your code on the file to be evaluated,
and avoid restarts.


True, that would work also, but it would still require modifying a file each time. 
With this cookie solution, I can create a fake login page which will set the appropriate cookies in _javascript_ and also allow for simulating logout by clearing the cookie.

Matt

Convert Cookies--HTTP Request Headers?

2003-04-04 Thread Kruse, Matt 
Title: Convert Cookies--HTTP Request Headers?





I have a unique need purely for testing purposes. I'm not very familiar (yet) with mod_perl handlers in Apache, so I've had a rough time getting anything going.

Here is my goal:


For every request to Apache:
 1. Parse the cookie coming in via the request header
 2. Pull out each value (ex: NAME=bob;TITLE=boss)
 3. Convert them to HTTP Request Headers
 4. Pass the request on to the requested resource (a script of some sort)


So, if I have a cookie like: NAME=bob;TITLE=boss
My program would then see the following headers in the request:
 HTTP_NAME=bob
 HTTP_TITLE=boss


This will help me simulate a Single-Sign-On situation where the authentication handler passes all authenticated user information to the resource via headers.

Can anyone help me by either:
 1. Giving an outline of what handlers I would want to use, and how I can write request headers with them
or
 2. Writing some sample code :)


NOTES:
 1. I'm running Apache 2.0 and mod_perl 2 right now, but I can bump it down if required
 2. I've already used mod_headers to simulate this, but unfortunately that isn't dynamic enough for testing, ie, I need to change httpd.conf and re-start the server to test different header scenarios.

Thanks!


Matt Kruse