in reply to Calling script after htaccess authentification

I've searched the perlmonks archives and have seen references which use mod_perl to handle situations such as this. However, mod_perl is not available to me at the moment.

You may be out of luck. mod_perl is integrated with Apache, and can do things that CGI scripts cannot.

I'm really trying to avoid a double login process.

The common way to do this is to forgo web server authentication (i.e., .htaccess control) entirely, relying instead on application-level login. Can you say more about why you need both?

  • Comment on Re: Calling script after htaccess authentification

Replies are listed 'Best First'.
Re: Re: Calling script after htaccess authentification
by Xxaxx (Monk) on Jul 30, 2002 at 19:14 UTC
    The site has a combination of public content, static group content and dynamic private content.

    The public content is easy, standard stuff.

    The static group content will be items such as information, forms, and downloads which is available to any and all approved users.

    The dynamic private content is specific to user. These would be reports composed of information specific to the exact user.

    The dynamic private content will be served through Perl scripts. This will most likely be controlled by cookiers following a successful login.

    I would rather control access to the static group content via htaccess authenticate so that update of the pages does not intermingle with the Perl scripts. This allows a slightly less trained person to do the updates. HTML and FTP knowledge rather than Perl background. i.e. cheaper labor for da boss.

    Obviously the easy solution is to have the users login twice. Once when they need access to the group material, and then again when they need access to any private material.

    Da boss is annoyed by the double login and I'm trying to find a way around this. Hence the grasping at straws....

    Thanks, Claude

[reply]
      The site has a combination of public content, static group content and dynamic private content.

      I have a site like this. The scripts that generate dynamic content require an appropriate login cookie, and the data that they use is kept in a folder that is not visible to the web server. No apache authentication is required. Works fine, though it does mean that I have to do downloads via a CGI script, instead of letting the web server handle the details.

      I would rather control access to the static group content via htaccess authenticate so that update of the pages does not intermingle with the Perl scripts.

      So keep the perl scripts in a separate directory?

      I'm still not seeing why you need .htaccess control.

[reply]
        though it does mean that I have to do downloads via a CGI script, instead of letting the web server handle the details.

        It is less than satisfying to pass all of the content through a script. It just seems like extra overhead. Apache is optimized for shoveling pages to browsers. Putting the Perl script in the middle seems like extra overhead. Maybe this is just my old 8088 conservatism. Trying to eliminate all extra processes.

        Claude

[reply]

In Section Seekers of Perl Wisdom