On Mon, Nov 13, 2017 at 8:28 PM, Adam Vest
<adam.v...@vestfarms.com.invalid> wrote:
> Evening everyone,
>
> I'm trying to make it so that only certain elements on a web page are
> visible to users logged in, and are otherwise not displayed using
> mod_include flow control. The only way I've been able to do that so far is
> to detect the cookie that the apache auth sets, which works sort of. Of
> course if I just manually set the cookie in my browser then the stuff shows
> and just confuses the whole setup I put. I know from reading the docs that
> %{REMOTE_USER} isn't exposed to these conditionals due to the order of
> operations. However, it'd be super-cool if it WERE. I know that filter
> processing can be tweaked to a degree with mod_filter, so I'm wondering if I
> can instruct apache to process authentication ahead of mod_include? I
> couldn't find anything directly saying yes or no, so figured I'd see if
> anyone on here knew one way or the other, or see if anyone had any other
> suggestions for accomplishing what I'm looking for.
>
> Appreciate your help!That is surprising, an output filter like mod_include should not have those limitations about variables being accessed "too early" like in <if> because it is fundamentally evaluated so late. Are you sure your user checking syntax was right? You can test outside of SSI with Header set Foo SUCCESS expr="..." as a sanity check. I was going to suggest using mod_session but I don't think it is any safer if you access its cookie directly and I don't think there is mod_session / expression integration.h -- Eric Covener cove...@gmail.com --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
