in reply to Re: Re: Need help creating an Apache session logout script with Perl/CGI without the use cookies.
in thread Need help creating an Apache session logout script with Perl/CGI without the use cookies.

That's what I figured. You simply have to tell the browser the password was rejected; it should then discard the password they entered, and they'll be logged out. The error code that says "Sorry, wrong password!" is 401, so you want to create a script that will send back an appropriate 401 error, and then create a button or link that runs that script. The easiest way to figure out what to send is to manually conduct an HTTP conversation, and see what Apache sends when you don't give a password. That's pretty much what your script will have to send.

For standard CGI scripts, you can set the status by including a Status header. I'm not sure how to do it under mod_perl.
Re: Re: Re: Re: Need help creating an Apache session logout script with Perl/CGI without the use cookies.
by valdez (Monsignor) on Sep 07, 2003 at 10:46 UTC

    I think you also need to specify the realm, so a simple CGI script may not suffice, though I haven't tested it. It is simpler to use Apache: create another protected area with the same realm (same AuthName), but with an empty passwd file, and redirect users who want to log out there:

    <Location "/protected">
        ErrorDocument 401 /docs/register.html
        Order deny,allow
        Deny from all
        AuthType Basic
        AuthUserFile /path/to/real/passwd
        AuthName "Protected Area"
        Require valid-user
        satisfy any
    </Location>

    <Location "/protected/logout">
        ErrorDocument 401 /docs/loggedout.html
        Order deny,allow
        Deny from all
        AuthType Basic
        AuthUserFile /path/to/empty/passwd
        AuthName "Protected Area"
        Require valid-user
        satisfy any
    </Location>

    You can also use Apache ErrorDocument directive to show user friendly messages.

    I don't like this solution because it forces final users to fail a login to be logged out. With mod_perl it is possible to build very neat and sophisticated authentication systems; chapter 6 of Writing Apache Modules with Perl and C is about Authentication & Authorization and is available online here.

    HTH, Valerio

Re: Re: Re: Re: Need help creating an Apache session logout script with Perl/CGI without the use cookies.
by BUU (Prior) on Sep 07, 2003 at 08:49 UTC
    So if I'm following sgifford correctly, this should do it:
    print "Status: 401\n"; print "Redirect: $0\n";


    (the redirect header might not be the exact syntax.. I forget)
      Here's an example of the response and header a Web server might send to an unauthenticated user:
      HTTP/1.1 401 Authorization Required
      Date: Mon, 08 Sep 2003 15:04:20 GMT
      Server: Apache/1.3.28 (Unix)
      WWW-Authenticate: Basic realm="Ford Shared Inventory Login"
      Connection: close
      Content-Type: text/html; charset=iso-8859-1
      I don't remember exactly how to do this, but it should just take a little experimentation. You should also consider reading up on HTTP Authentication in the HTTP 1.1 spec at http://w3.org.
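The logout response discussed in this thread, written out as an added example; it is not code from any of the posters. It assumes the realm is the "Protected Area" AuthName from the Apache configuration above, that the server passes a CGI script's Status and WWW-Authenticate headers through to the client, and `logout_response` is a hypothetical helper name.

```perl
#!/usr/bin/perl
# Added example (not code from the thread): a CGI "logout" for HTTP Basic auth.
# Assumption: the realm must match the AuthName of the protected area
# ("Protected Area" is the value used in the Apache config in this thread).
use strict;
use warnings;

# Build the complete CGI response. logout_response() is a hypothetical name.
sub logout_response {
    my ($realm) = @_;

    # Refuse control characters so a realm value can never inject extra headers.
    die "invalid realm\n" if !defined $realm || $realm =~ /[\x00-\x1f\x7f]/;

    # The realm is an HTTP quoted-string: escape backslash and double quote.
    (my $quoted = $realm) =~ s/(["\\])/\\$1/g;

    my $body = "<html><body><p>You have been logged out.</p></body></html>\n";

    return join "\r\n",
        "Status: 401 Authorization Required",  # CGI header; the server turns it into the status line
        qq{WWW-Authenticate: Basic realm="$quoted"},
        "Cache-Control: no-store",             # keep the logout page itself out of caches
        "Content-Type: text/html; charset=iso-8859-1",
        "Content-Length: " . length($body),
        "",                                    # blank line ends the header block
        $body;
}

binmode STDOUT;    # no newline translation on the way out
print logout_response("Protected Area");
```

The challenge only applies to credentials cached for the same realm, which is why the realm string has to match the protected area's AuthName exactly.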