jjhorner has asked for the wisdom of the Perl Monks concerning the following question:

For all of you mod_perl types out there:

How difficult would it be to write a PerlAuthenHandler that takes the 401-prompted username/password pair, creates a timestamp file, and each time the user requests a page, checks the timestamp. If the timestamp is ever more than 15 minutes old (or some other time, set by configuration), instead of sending the requested document, send a login script requesting the password again, and if the password is correct in the cgi form, then return the requested document?

I know this is convoluted and I have most of the other part, I'm just not sure how to spawn a subrequest in mod_perl that is part of the PerlAuthenHandler Authentication phase. It shouldn't be too hard to force Apache to parse the user input from a cgi script as part of the Authentication phase, but I'm not adept enough at mod_perl to do it. Here is a nice little flow chart type thingy:

_401 response_ -> request username password -> check timestamp ->
if timestamp is too long, or no timestamp -> return a cgi -> if user input
checks out -> send the requested document.

Browsers are too flaky to rely on sending AUTH_REQUIRED to prompt a username/password entry.

Thanks,

jjhorner

Replies are listed 'Best First'.
Re: mod_perl question on PerlAuthenHandler
by hel0 (Novice) on Jun 22, 2000 at 23:28 UTC
    Hi,

    It's been a while since I looked at the Apache API, but if I needed to do what you are doing, here's what I'd do. I'd set up a handler to be called before any other Auth handlers, that checks your database to see if the user still has rights to access. If everything is cool, simply return an OK to Apache and it will continue to process the request. If the user's session has timed out, issue a redirect to the user (to your script) and return DECLINED to Apache. That should stop the request processing phase of Apache and your user should be quickly dispatched to refresh your database.

        # $uri is the address of your login script
        $r->header_out('Location' => $uri);
        $r->status(REDIRECT);
        $r->send_http_header;

    Something like that should do the trick. It's not bulletproof because redirects aren't. If you want bulletproof, look into internal redirection.

    Hel0
Re: mod_perl question on PerlAuthenHandler
by KM (Priest) on Jun 22, 2000 at 19:14 UTC
    This is not hard at all. In fact, you may want to take a look at Apache::Session, which may do what you want already. If it does not, looking at the source code will give you an idea of how to get this done. There is also the book 'Writing Apache Modules in Perl and C' by ORA, as well as tutorials somewhere off of perl.apache.org.

    Cheers,
    KM

      I've got the book, but I have no ability to use a database backend for this server.

      This means that all of those cool database-using modules are useless to me.

      I'm going to take the C version we have and port to mod_perl for now. I have no idea what else to do and I am not sure I can do it any easier.

      Thanks,

      J. J. Horner
      Linux, Perl, Apache, Stronghold, Unix
      jhorner@knoxlug.org http://www.knoxlug.org/
      
        So, modify the modules to use DBM files, or text files (ick), or keep a cache of the data in memory (ick), write the data to a global hash and use Data::Dumper to save current information periodically. Or, install MySQL :) This is not hard!

        Cheers,
        KM
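
An added example, not part of any post in this thread: the idle-timestamp check from the question, kept in a DBM file as suggested in the last reply, so no database server is needed. The function names (`with_store`, `check_idle`, `record_login`), the store path and the user `alice` are hypothetical; the Apache handler itself is left out, and it would call `check_idle` once Basic auth has identified the user.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Fcntl qw(:flock O_RDWR O_CREAT);
use SDBM_File;
use File::Temp qw(tempdir);

# Run $code with a hash tied to the DBM file, under an exclusive lock so
# concurrent Apache children cannot race on or corrupt the store.
sub with_store {
    my ($path, $code) = @_;
    open my $lock, '>>', "$path.lock" or die "open $path.lock: $!";
    flock $lock, LOCK_EX              or die "flock $path.lock: $!";
    tie my %seen, 'SDBM_File', $path, O_RDWR | O_CREAT, 0600
        or die "tie $path: $!";
    my $result = $code->(\%seen);
    untie %seen;
    close $lock;
    return $result;
}

# Returns 'fresh' (and renews the timestamp), 'expired' or 'new'.
# Anything but 'fresh' means: send the login form, not the document.
sub check_idle {
    my ($path, $user, $max_idle, $now) = @_;
    return with_store($path, sub {
        my $seen = shift;
        my $last = $seen->{$user};
        return 'new' unless defined $last;
        if ($now - $last > $max_idle) {
            delete $seen->{$user};    # force a fresh login
            return 'expired';
        }
        $seen->{$user} = $now;        # sliding window: each hit renews it
        return 'fresh';
    });
}

# Call only after the password from the login form has been verified.
sub record_login {
    my ($path, $user, $now) = @_;
    return with_store($path, sub { $_[0]{$user} = $now; 1 });
}

# Constructed demo: temporary store, 15-minute limit, made-up clock values.
my $db = tempdir(CLEANUP => 1) . '/idle';
my ($max, $t0) = (15 * 60, 1_000_000);
print check_idle($db, 'alice', $max, $t0), "\n";          # first request
record_login($db, 'alice', $t0);                           # form login succeeded
print check_idle($db, 'alice', $max, $t0 + 600), "\n";    # 10 minutes later
print check_idle($db, 'alice', $max, $t0 + 1600), "\n";   # 1000 s after last hit
```

The timestamp lives only on the server and is keyed by the authenticated username, so a client cannot extend its own session by replaying or editing anything it holds.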