more mod_perl configuration woes

geektron has asked for the wisdom of the Perl Monks concerning the following question:

yes, i've been posting this for a couple days now, trying to get through it ....

I have logging in via Apache::AuthCookie working, but I can't get logging *out* to work. (logging out was the real reason for using Apache::AuthCookie and not just AuthBasic in apache ).

here's everything i *think* is relevant to my server's configuration


NameVirtualHost 10.0.0.50
<VirtualHost 10.0.0.50>
ServerName brian.lnstar.com
                                                                      
+                                                                     
+   
<Perl>
        use lib qw# /home/httpd/htdocs/libs #;
</Perl>
                                                                      
+                                                                     
+   
PerlModule Apache
PerlModule Apache::Registry
PerlModule Apache::AuthCookie
PerlModule TestCookie::AuthCookieHandler
PerlSetVar TestCookiePath /
PerlSetVar TestCookieLoginScript /login.pl
PerlSetVar TestCookieExpires +2h
PerlSetVar AuthCookieDebug 3                                          
+                                                                     
+                               

<Files ~ "^\.pl">
#<Location />
   SetHandler perl-script
   PerlHandler Apache::Registry
   Options +ExecCGI
   allow from all
   PerlSendHeader On
#</Location>
</Files>
                                                                      
+                                                                     
+   
# These documents require user to be logged in.
<Location /protected>
 AuthType TestCookie::AuthCookieHandler
 AuthName TestCookie
 PerlAuthenHandler TestCookie::AuthCookieHandler->authenticate
 PerlAuthzHandler TestCookie::AuthCookieHandler->authorize
 Require user programmer
</Location>
                                                                      
+                                                                     
+   
                                                                      
+                                                                     
+   
#this is the action of the login.pl script above.
<Location /LOGIN>
 AuthType TestCookie::AuthCookieHandler
 AuthName TestCookie
 SetHandler perl-script
 PerlHandler TestCookie::AuthCookieHandler->login
</Location>
                                                                      
+                                                                     
+   
<Location /logout>
 AuthType TestCookie::AuthCookieHandler
 AuthName TestCookie
 SetHandler perl-script
 PerlHandler TestCookie::AuthCookieHandler->logout
</Location>
                                                                      
+                                                                     
+   
<Location /perl-status>
 SetHandler perl-script
 PerlHandler Apache::Status
</Location>
                                                                      
+                                                                     
+   
</VirtualHost>
[download]

logging in ( trying to access the /protected dir ) works properly with all the samples out of the distro.

logging out is sending me just the logout script back as plaintext. I've turnout on PerlSendHeader. i thought that would cover it as a blanket case. just in case ( well, it's still in the sampl), logout.pl has this line:

 
$r->content_type("text/html");
$r->status(200);
$r->send_http_header;
[download]

which should also send the right header.

and on a side ( but related ) note, if i change the

<Files>
[download]

to a <Location> directive, nothing works .... attempting to enter the /protected directory which fires off the AuthCookie handler give me:

access to /home/httpd/htdocs/protected/index.html failed for 10.0.0.50
+, reason: file permissions deny server execution
[download]

although all of my perms are OK, or at least wide open ( 777 ) for now, just to get things working. even my TestCookie::AuthCookieHandler module is 777 ...

I've been scanning the horsey book, going through the mod_perl FAQ ... and i can't find a thing.

i know i'm missing something obvious, aren't i?

Comment on more mod_perl configuration woes Select or Download Code

Replies are listed 'Best First'.
Re: more mod_perl configuration woes by simonm (Vicar) on Mar 10, 2004 at 02:36 UTC
(logging out was the real reason for using Apache::AuthCookie and not just AuthBasic in apache ). Logging out is possible with AuthBasic; just create a script that deliberately sends a 401 header and it will clear the browser's authentication cache. (Although looking at some other people's comments, this may be browser dependent...)	[reply]
Re: Re: more mod_perl configuration woes by valdez (Monsignor) on Mar 10, 2004 at 10:47 UTC
Some more infos about this: How do I log out? Since browsers first started implementing basic authentication, website administrators have wanted to know how to let the user log out. Since the browser caches the username and password with the authentication realm, as described earlier in this tutorial, this is not a function of the server configuration, but is a question of getting the browser to forget the credential information, so that the next time the resource is requested, the username and password must be supplied again. There are numerous situations in which this is desirable, such as when using a browser in a public location, and not wishing to leave the browser logged in, so that the next person can get into your bank account. However, although this is perhaps the most frequently asked question about basic authentication, thus far none of the major browser manufacturers have seen this as being a desirable feature to put into their products. Consequently, the answer to this question is, you can't. Sorry. cited from Frequently asked questions about basic auth of Apache 1.3 documentation. Ciao, Valerio	[reply]
Re: more mod_perl configuration woes by perrin (Chancellor) on Mar 10, 2004 at 20:08 UTC
I think you'd be better off asking on the mod_perl mailing list, since I have never used this module. However, I think I see the logout problem. Like the login method, Apache::AuthCookie->logout does not generate a page and is not intended to handle requests directly. What you are supposed to do is take the logout.pl script in the distribution and set that up as your logout URL. It calls Apache::AuthCookie->logout internally, and also sends a response. Regarding your <Files> issue, I don't think you really want to set it up to execute every file under / through Apache::Registry. That error message you got says it was trying to execute index.html as perl code.	[reply]
Re: Re: more mod_perl configuration woes by geektron (Curate) on Mar 11, 2004 at 02:41 UTC
thanks. i did set up the logout as the Location like LOGIN, but it wouldn't do what i wanted. i've googled for days, and it looke like most people work around the issue ( like i did ) by hand-rolling a logout.cgi that just expires the cookies. it works, so TMTOWTDI i also changed the directives around after reading through the Horsey book again. i don't have it in front of me, but it was something like: `<Location /> <FilesMatch "\.(pl\|cgi)> Options +ExecCGI .... other stuff ... </FilesMatch> </Location>` [download] and that fixes the issue nicely.	[reply] [d/l]
Re: Re: Re: more mod_perl configuration woes by perrin (Chancellor) on Mar 11, 2004 at 05:23 UTC
I'm still not sure you understood what I meant about the logout. It is not supposed to be set up like the LOGIN one. You are supposed to just use a logout.cgi script like the one that is included in the distribution here. There is no additional httpd.conf stuff required to make logout work. The <FilesMatch> config you have above is redundant. The <Location> part is not doing anything. This is not a mod_perl issue but rather an apache configuration issue, so you should read the apache docs about it. There's a good intro here.	[reply]