geektron has asked for the wisdom of the Perl Monks concerning the following question:

i know that basic auth doesn't give users any real way to 'log out' that's in any way useful. another little dealio i inherited at the new job tries to do it by redirecting users to a new directory with a require user nosuchuser in the .htaccess file which is spitting 500 errors when no authorization credentials are offered.

i'm guessing i could drop in some kind of quick-and-dirty mod_perl handler ... but since it's the whole site that's 'protected', i'd also need to set an auth cookie. i don't want to wrap every little page and script with a check for the cookie ...

if it makes any difference (and i'm not sure it does), we're using Auth_MySQL for the user mgmt.

i left my copy of _practical mod_perl_ at home .... so i don't have it to consult right now. suggestions?

Re: [OT?] dropin apache basic auth replacement
by iburrell (Chaplain) on Feb 20, 2004 at 21:33 UTC
    If you want to use cookies for authentication, then Apache::AuthCookie makes a good base for the mod_perl authentication handler.

    It is a base class and requires defining code to create and validate the cookies. There are existing modules that look up users in the database and validate cookies based on hashes (Apache::AuthCookieDBI).

      this *totally* looks like the ticket. thanks!
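
The create-and-validate code such a subclass has to supply, sketched as an added example that is not part of the original replies or of Apache::AuthCookie itself: an HMAC-signed ticket with an expiry, using only core Perl. The secret, lifetime, function names and sample values are assumptions; in a subclass, make_ticket would back authen_cred and check_ticket would back authen_ses_key.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex);

# Constructed placeholder; a real deployment loads a random secret from
# protected configuration, never from source code.
my $SECRET = 'replace-with-random-server-side-secret';
my $TTL    = 30 * 60;    # ticket lifetime in seconds (assumed policy)

# Build "user:expiry:mac". This is what an authen_cred() override would
# return after the password has been checked against the user table.
sub make_ticket {
    my ($user, $now) = @_;
    die "invalid user name\n" unless $user =~ /\A[\w.\@-]+\z/;
    my $expires = $now + $TTL;
    return join ':', $user, $expires, hmac_sha256_hex("$user:$expires", $SECRET);
}

# Comparison whose running time does not depend on where the strings differ.
sub same_string {
    my ($x, $y) = @_;
    return 0 if length($x) != length($y);
    my $diff = 0;
    $diff |= ord(substr $x, $_, 1) ^ ord(substr $y, $_, 1) for 0 .. length($x) - 1;
    return $diff == 0;
}

# Return the user name for a valid, unexpired ticket, or undef. This is the
# check an authen_ses_key() override would run on every request.
sub check_ticket {
    my ($ticket, $now) = @_;
    my ($user, $expires, $mac) = split /:/, $ticket // '', 3;
    return undef unless defined $mac && $expires =~ /\A\d+\z/;
    return undef unless same_string($mac, hmac_sha256_hex("$user:$expires", $SECRET));
    return undef if $now > $expires;
    return $user;
}

# Constructed sample run: one valid ticket, one past its expiry, one tampered.
my $t0     = 1_077_312_780;
my $ticket = make_ticket('geektron', $t0);
(my $forged = $ticket) =~ s/^geektron/admin/;
printf "%-8s %s\n", 'fresh',   check_ticket($ticket, $t0 + 60)       // 'rejected';
printf "%-8s %s\n", 'expired', check_ticket($ticket, $t0 + $TTL + 1) // 'rejected';
printf "%-8s %s\n", 'forged',  check_ticket($forged, $t0 + 60)       // 'rejected';
```

Because the expiry is inside the signed data, the server can refuse an old ticket even if the browser keeps sending it, which is the control basic auth lacks.
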
Re: [OT?] dropin apache basic auth replacement
by japhy (Canon) on Feb 20, 2004 at 15:06 UTC
    I was wondering about "deauthorizing" just yesterday, but the credentials are stored in the browser, so it's up to the browser to forget. Some browsers will forget when given the situation you posed, but some don't.
    _____________________________________________________
    Jeff[japhy]Pinyan: Perl, regex, and perl hacker, who'd like a job (NYC-area)
    s++=END;++y(;-P)}y js++=;shajsj<++y(p-q)}?print:??;
      right. exactly the reason i was thinking of some mod_perl handler for maintaining auth state.