I have a modperl handler that sets a cookie and does a redirect if the
cookie was not present. The redirected page eventually loads the same page
again. In addition, this page is called from a protected portion of the
site that requires Basic Auth.
When the redirect calls the mod_perl routine
assigns it at the first place.
Peter Bi
- Original Message -
From: Michael Robinton [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, August 28, 2002 1:05 PM
Subject: odd authetication situation
I have a modperl handler that sets a cookie and does a redirect if the
cookie
cookies and tokens are expected very dicey...
Michael
- Original Message -
From: Michael Robinton [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, August 28, 2002 1:05 PM
Subject: odd authetication situation
I have a modperl handler that sets a cookie and does
Peter wrote:
Maybe you can try to add specifically:
$r-connection-user('who_the_user_is') before the cookie access control
returns OK in the module. Note that some of the cookie authentication
modules are based on access-only control so $r-connection-user() can
return a value in late phases
The client only sends basic auth credentials when requested. So if you have
an authorization handler that might validate a cookie and return OK before
basic auth credentials are requested of the client, then you will need to
set $r-user from that handler for it to be accessible later on down the
