Hi all,
I've spent the last couple hours trying to debug a seemingly simple
piece of code. I've come up with something that seems puzzling (but it's
probably just too early in the morning for me) -- any clarification
would be appreciated.
The code I'm writing is a cookie-based authentication scheme, inspired
by Apache::TicketAccess from the Eagle book (thanks Doug & Lincoln!).
I'm sending the client the ticket cookie like so:
use constant TICKET_NAME => 'AdminTicket';
# ... lots of code
my $ticket = CGI::Cookie->new(-name => TICKET_NAME,
-path => '/'
# more stuff
);
$r->header_out('Set-Cookie' => $ticket);
Now, this seems to work fine. The browser is sent a cookie, and sends it
back to the server when it requests a page that requires authentication.
However, I can't seem to verify the cookie properly. Here's my
verification code:
sub verify_ticket {
my $self = shift;
my $r = $self->{_req};
print STDERR "Cookie: " . $r->header_in('Cookie') . "\n"; #DEBUG
my %cookies = CGI::Cookie->parse($r->header_in('Cookie'));
return (0, 'user has no cookies') unless %cookies;
#DEBUG
my $cookie_name;
foreach (keys %cookies) {
print STDERR "Cookie: [$_] -> [$cookies{$_}]\n";
print STDERR "Cookie name: [$_] ; Expected: [" . TICKET_NAME .
"]\n";
print STDERR "The cookies match.\n" if $_ eq TICKET_NAME;
$cookie_name = $_; # HACK: remember a valid hash key
}
# this does NOT work
#return (0, 'user has no ticket') unless $cookies{TICKET_NAME};
# this works, strangely
return (0, 'user has no ticket') unless $cookies{$cookie_name};
# lots more code
}
(As you can tell, I've been banging my head against the wall for a
while, inserting print statements ;-) ).
I get the following log output:
Cookie:
AdminTicket=ip&127.0.0.1&expires&15&hash&f6o%2BtYJ2AFm1aBy3plFrOigo1yg&user&nconway&time&1010403781
Cookie: [AdminTicket] ->
[AdminTicket=ip&127.0.0.1&expires&15&hash&f6o%2BtYJ2AFm1aBy3plFrOigo1yg&user&nconway&time&1010403781;
path=/]
Cookie name: [AdminTicket] ; Expected: [AdminTicket]
The cookies match.
Now, this is as I expected it. However, the commented out code such as:
return (0, 'user has no ticket') unless $cookies{TICKET_NAME};
Doesn't work -- it seems to think that there is no such hash element as
TICKET_NAME.
Since there is only 1 cookie, I used the ugly hack above and iterated
through the keys of the hash and used the only actual hash element. The
weird that is that the value I get from this is 'eq' to TICKET_NAME --
yet, it works, but TICKET_NAME does not. IIRC, if I replace the
instances of TICKET_NAME with its literal value ('AdminTicket'), it also
does not work.
Would someone be kind enough to point out what I've missed? Because I'm
stumped...
Thanks in advance,
Neil
--
Neil Conway <[EMAIL PROTECTED]>
PGP Key ID: DB3C29FC
