in reply to mod_perl authorization and time-outs ... without cookies?

Depending on how you want to work it, you could also use standard CGI.pm (instead of creating a perl handler to strip off URL info in mod_perl), by adding on to the url string like: 
 http://www.perlmonks.org/?user=jaybonci&session=1348213xsd24gf12341s|
+junk

[download]
...and then making sure all of your links and forms add the current session to the browser. This is avery common web practice.

    --jb

Replies are listed 'Best First'.
Re: Re: mod_perl authorization and time-outs ... without cookies?
by TheHobbit (Pilgrim) on Apr 20, 2002 at 10:24 UTC

    Hi,
    I don't like the ident in the URL, this make messy URLs :) (I agree, is a matter of personal taste).

    As in any case you have a script which filter your request, why don't use POST method and made the section id a hidden param?

    This leave you with the problem to force the person to retape his password. But this could be achieved (for instance) by aving the script generating the Realm name on a per-session base, so that when the session timeout, you start a new one which implies sending a new realm name to the client, so forcing it to ask again the password to the user.

    Disclaimer: I do not know if the above approach would work, nor if it is secure to do it.

    Cheers
    Leo TheHobbit
    GED/CS d? s-:++ a+ C++ UL+++ P+++>+++++ E+ W++ N+ o K? !w O? M V PS+++
    PE-- Y+ PPG+ t++ 5? X-- R+ tv+ b+++ DI? D G++ e*(++++) h r++ y+++(*)
[reply]

In Section Seekers of Perl Wisdom