mod_perl, Apache access_log, and CGI::Session (Logging Authenticated Username)

monarch has asked for the wisdom of the Perl Monks concerning the following question:

I recently switched a web application (TWiki) from being webauth-based to CGI::Session based.

That's all good, except now the access_log never logs the authenticated user viewing a page.

I'm guessing I need to write a mod_perl handler that will retrieve the authenticated username from the CGI::Session and then somehow pass that to Apache to use when writing out the log entry?

Any guidance or pointers would be much appreciated. Here is the beginning of what I expect I'd need:

sub handler { use CGI::Session; # check CGI session my $session = new CGI::Session(); my $authuser = $session->param( 'AUTHUSER' ); # pass authuser to Apache log handler $r->set_remote_user_or_something( $authuser ); }
[download]

Update: it appears that I want something like the following:

use CGI::Session;

sub handler {
    my ($r) = @_;

    # check CGI session
    my $session = new CGI::Session();
    my $authuser = $session->param( 'AUTHUSER' );

    # pass authuser to Apache log handler
    $r->user( $authuser ) if ( $authuser );

    # handle page
    # ...
}
[download]

Comment on mod_perl, Apache access_log, and CGI::Session (Logging Authenticated Username) Select or Download Code

Replies are listed 'Best First'.
Re: mod_perl, Apache access_log, and CGI::Session (Logging Authenticated Username) by Errto (Vicar) on Nov 08, 2005 at 02:50 UTC
It would appear that the `user` method in `Apache2::RequestRec` under mod_perl2 allows you to set, as well as retrieve, the user ID. See the docs. Actually, I'm glad you suggested that because it gives me an idea - I have a situation where I'd really love to use a PerlAuthzHandler but it doesn't work because the user ID is sent through a custom header field or cookie instead of an actual HTTP user.	[reply] [d/l] [select]
Re^2: mod_perl, Apache access_log, and CGI::Session (Logging Authenticated Username) by monarch (Priest) on Nov 09, 2005 at 05:42 UTC
Apparently I can do it with Apache 1 as well.. Running `httpd -v` gives me: `Server version: Apache/1.3.27 (Unix) (Red-Hat/Linux) Server built: Mar 15 2005 14:49:39` [download] The final handler I used (not the one given for the thread question) was the following for handling CGI scripts: `<Perl> { package SessionLogAndHandle; use CGI::Session; use Apache::PerlRun; sub handler { my ( $r ) = @_; { my $s = CGI::Session->new(); my $authuser = $s->param( 'AUTHUSER' ); $r->user( $authuser ) if ( $authuser ); } # I want $s to go out of scope return( Apache::PerlRun->handler( $r ) ); } } </Perl> <Directory "/var/www/myproject/bin"> Options +ExecCGI SetHandler perl-script PerlHandler SessionLogAndHandle Allow from all </Directory>` [download] Update: removed superfluous session flush because I wasn't modifying the session.	[reply] [d/l] [select]
Re: mod_perl, Apache access_log, and CGI::Session (Logging Authenticated Username) by EvanCarroll (Chaplain) on Nov 08, 2005 at 02:31 UTC
You might want to check out Log::Log4perl and the Log4j docs, it is on my list of things to do. I have never had to accomplish this task; however, this would apear to be the tool to do it. Good luck, and please follow up with your solution, I'm curious to know what you decide on. Evan Carroll www.EvanCarroll.com	[reply]
Re: mod_perl, Apache access_log, and CGI::Session (Logging Authenticated Username) by srdst13 (Pilgrim) on Nov 09, 2005 at 00:02 UTC
For authentication and authorization under mod_perl (note this is NOT exactly what the OP was asking about), be sure to check out chapter 6 of the modperl book for some nice examples. Sean	[reply]