RE: AuthCookie solution
-Original Message- From: Michael [mailto:[EMAIL PROTECTED]] Sent: Wednesday, November 15, 2000 10:20 PM To: [EMAIL PROTECTED] Subject: Re: AuthCookie solution a little off the subject, but close. it the pointer for login is a complete URL ie http://foo.com/login.pl then the $r-prev-args; seem to get lost. There is real application for this sort of thing and I would like to figure out how to make it work. Any ideas why it does not? $r-prev() only knows about the previous internal redirect. $r-header_out(Location = 'http://foo.com/login.pl'); results in a full redirect (ie a new request) as an aside, I've found it safer to when using $r-prev to code like my $query = $r-prev ? $r-prev-args : $r-args; because $r-prev is undefined on $r-is_initial_req() which leads to runtime errors (beware of my $x if 0 coding, too :) depends on your situation, though - YMMV... --Geoff Michael [EMAIL PROTECTED]
AuthCookie solution
Works perfectly. Excellent idea. Thank you very much Bill!
# added args to login.pl so we can redirect URL's with arguments during
initial authentication.
my $args = $r-prev-args;
# add the ?
$args = "?".$args if $args;
# put this in the form next to $uri.
INPUT TYPE=hidden NAME=args VALUE="$args"
# We added the line below to AuthCookie.pm
# original way.
#$r-header_out("Location" = $args{'destination'});
# this works, but is sloppy.
#$r-header_out("Location" = $ENV{HTTP_REFERER});
# best way.
$r-header_out("Location" = $args{'destination'}.$args{'args'});
-Original Message-
From: Bill Moseley [mailto:[EMAIL PROTECTED]]
Sent: Friday, November 03, 2000 5:30 PM
To: Charles Day; '[EMAIL PROTECTED]'
Subject: Re: AuthCookie
At 03:30 PM 11/03/00 -0500, Charles Day wrote:
The follow also holds true:
http://www.mydomain.com/index.cgi?a=blablablab=blablabla
gets redirected to:
http://www.mydomain.com/index.cgi
If I remember, that's just due to the example in the AuthCookie POD that
uses
$r-prev-uri to set the destination parameter in the Login script. uri()
doesn't include the query string, IIRC.
I've replaced the following line in AuthCookie.pm
$r-header_out("Location" = "$args{'destination'}");
with:
$r-header_out("Location" = "$ENV{HTTP_REFERER}");
I wouldn't do that as it's client dependent (and in quotes ;).
And we don't loose the data. Is there a better mod_perlish way to do this
and are there buffer overflow risks involved?
Use a mod_perl handler or Apache::Registry script for the login script, and
include $r-prev-args. There's probably better ways to get the full URL,
but I just put uri() and args() together.
I suppose if your login.pl script could just place the current fields
passed in on the POST to the destination parameter passed to AuthCookie.
Then your script would get the parameters, they would just be a GET instead
of a POST. Can be kind of ugly.
Bill Moseley
mailto:[EMAIL PROTECTED]
Re: AuthCookie solution
At 04:19 PM 11/15/00 -0500, Charles Day wrote:
# We added the line below to AuthCookie.pm
$r-header_out("Location" = $args{'destination'}.$args{'args'});
Why pass a new argument? Can't you just add the query string onto the
destination field in your login.pl script?
Something like the untested:
my $uri = $r-prev-uri;
my $query = $r-prev-args;
$uri = "$uri?$query" if $query;
print qq[INPUT TYPE=hidden NAME=destination VALUE="$uri"];
Bill Moseley
mailto:[EMAIL PROTECTED]
Re: AuthCookie solution
At 04:19 PM 11/15/00 -0500, Charles Day wrote:
# We added the line below to AuthCookie.pm
$r-header_out("Location" = $args{'destination'}.$args{'args'});
Why pass a new argument? Can't you just add the query string onto
the destination field in your login.pl script?
Something like the untested:
my $uri = $r-prev-uri;
my $query = $r-prev-args;
$uri = "$uri?$query" if $query;
a little off the subject, but close.
it the pointer for login is a complete URL ie http://foo.com/login.pl
then the $r-prev-args; seem to get lost. There is real application
for this sort of thing and I would like to figure out how to make it
work. Any ideas why it does not?
Michael
[EMAIL PROTECTED]
