I'm having some troubles with a system I am writing.  The system uses
the Ticket system from the Eagle book, with some minor modifications.

I have also created a "logout" module, which SHOULD delete the person's
cookie and redirect them to the main page (where they should be
re-directed by the Ticket system to a login screen as the cookie is
gone).

Currently, it isn't working.  I had it "working" (click "Log Out" and
you got sent to the login screen), but I noticed that the cookie wasn't
deleted, and that I could type the correct URL (non Ticket redir url)
into the browser and I was back in! This is obviously not a good thing!

I placed a bunch of "print STDERR" statements in it and what I see now
in the log (after editing to try and make it correctly delete the
cookie) is the logout module processes correctly, the "action" does get
re-set to "view". . . and then it re-runs the logout module!  Maybe I'm
not using the correct Apache return name (DONE, OK, DECLINED, etc.)? or
maybe I'm just totally screwing up the cookie re-make.

Can anyone take a moment and review this code to see what this beginner
has fouled up?

Modified TicketAccess.pm:

#######################################################
package FES::Apache::TicketAccess;
use strict;
use Apache::Constants qw(:common);
use FES::Apache::TicketTool ();

sub handler {
  my $r = shift;
  my %input = $r->args;                                                         # for 
checking input items
  my $ticketTool = FES::Apache::TicketTool->new($r);
  my($result, $msg) = $ticketTool->verify_ticket($r);
  unless ($result) {
    $r->log_reason($msg, $r->filename);
    my $cookie = $ticketTool->make_return_address($r);
    $r->err_headers_out->add('Set-Cookie' => $cookie);
    return FORBIDDEN;
  }
  ## Here is where I added a push_handler insert.

  my $action = defined $input{'act'} ? $input{'act'} : 'view';

  if ($action eq 'logout')  {
    $r->push_handlers('PerlHandler' => 'FES::Control::Logout');
    return OK;
  } elsif ($action eq 'view') {
    $r->push_handlers('PerlHandler' => 'FES::Control::View');
    return OK;
  } else {
    $r->push_handlers('PerlHandler' => 'FES::Control::View');
    return OK;
  }
}

1;
##################################################

And the Logout module hit by clicking a link built as 
<a href="/fes?act=logout">Log Out</a>

################################################
package FES::Control::Logout;
use strict;
use Apache;
use Apache::Constants qw(:common);
use CGI::Cookie;

sub handler {
  my $r = shift;
  my $q = new CGI;
  my $ticket = _get_ticket('r' => $r);
## These next two lines are to re-make the two cookies set
## by the Ticket system from the Eagle book to expiration dates
## from before today, thus deleting them (I wish!)
  my $cookie1 = new
CGI::Cookie(-name=>'Ticket',-value=>undef,                             
-expires=>'-100m');
  my $cookie2 = new
CGI::Cookie(-name=>'request_uri',-value=>undef,                    
-expires=>'-100m');
  $r->header_out('Set-Cookie',[$cookie1,$cookie2]);
  $r->internal_redirect("/fes");
  return OK;
}

sub _get_ticket {
  my $args = {
    'r' => undef,
    @_
    };
  my $r = $args->{'r'};
  my %cookies = fetch CGI::Cookie;
  my %ticket = $cookies{'Ticket'}->value;
  return \%ticket;
}

1;
##############################################3

I have tried switching from CGI::Cookie to Apache::Cookie (and modifying
the commands to suit) - no luck.  Same thing.

Can anyone see something obvious that I am doing wrong?  I realized that
this is probably a "newbie" question, but I could use the help.  I have
re-written the Logout.pm a dozen times, to no avail.

--Jon Robison

Reply via email to