$self->authen->logout();

hesco has asked for the wisdom of the Perl Monks concerning the following question:

I'm using CGI::Application::Plugin::Authentication.

I've written a logout form as follows:

sub logout_button {
  my $self = shift;
  my $q = $self->query();
  my $output = "";

  $output .= $q->start_form( -name => 'logout' );
  $output .= $q->hidden(-name => 'authen_logout', -value => '1');
  $output .= $q->submit(-value => 'logout');
  $output .= $q->end_form();

  return $output;
}
[download]

I then call this, from a runmode as:

$output .= $self->logout_button();
[download]

Viewing source from a browser includes:

<form method="post" action="/auth-test/dprnew2.cgi" enctype="multipart
+/form-data" name="logout">
<input type="hidden" name="authen_logout" value="1"  />
<input type="submit" name=".submit" value="logout" />
</form>
[download]

But when I try to logout now, expecting to see a new login form, I get instead, the following in the browser:

Forbidden
You don't have permission to access / on this server.

Apache/1.3.33 Ben-SSL/1.55 Server at 192.168.0.101 Port 443
[download]

I'm also using CGI::Application::Plugin::Authorization. And suspect that may be to blame. But why would I be forbidden from seeing a login form when I've logged out?

-- Hugh

Comment on $self->authen->logout(); Select or Download Code

Replies are listed 'Best First'.
Re: $self->authen->logout(); by cees (Curate) on Mar 09, 2006 at 16:05 UTC
I think you may have provided the wrong information here. Since the problem you are facing is a login page that will not display, that tells me that your logout probably worked successfully. Is it possible that you have marked all runmodes as requiring authorization? It would help if you showed your full configuration for Authorization and Authentication, and also which runmodes are restricted.	[reply]
Re: $self->authen->logout(); by spiritway (Vicar) on Mar 09, 2006 at 05:46 UTC
Not sure I'm even close, but maybe it's because you're no longer logged in, so no longer have the necessary permissions?	[reply]
Re: $self->authen->logout(); by hesco (Deacon) on Mar 09, 2006 at 19:21 UTC
Cees: Thanks for your reply. As requested: my $authdb = db600testauth::connect_admin(); DistroPrsRls_www->authen->config( DRIVER => [ 'DBI', DBH => $authdb, TABLE => 'userdb', CONSTRAINTS => { 'userdb.username' => '__CREDENTIAL_1__', 'userdb.password' => '__CREDENTIAL_2__' }, ], STORE => 'Session', POST_LOGIN_RUNMODE => 'login_welcome', # POST_LOGIN_CALLBACK => \&update_login_date, CREDENTIALS => [ 'authen_username','authen_password' ], LOGIN_SESSION_TIMEOUT => { IDLE_FOR => '15m', EVERY => '1h' }, ); DistroPrsRls_www->authz->config( DRIVER => [ 'DBI', DBH => $authdb, TABLES => ['userdb', 'groupmembers', 'groupdb'], JOIN_ON => 'userdb.uid = groupmembers.uid AND groupdb.gid = grou +pmembers.gid', USERNAME => 'userdb.username' , CONSTRAINTS => { 'groupdb.groupname' => '__PARAM_1__', } ], ); DistroPrsRls_www->authz('dpradmin')->config( DRIVER => [ 'DBI', DBH => $authdb, TABLES => ['userdb', 'groupmembers', 'groupdb'], JOIN_ON => 'userdb.uid = groupmembers.uid AND groupdb.gid = grou +pmembers.gid', USERNAME => 'userdb.username' , CONSTRAINTS => { 'groupdb.groupname' => '__PARAM_1__', } ], ); DistroPrsRls_www->authen->protected_runmodes(qr/^(login_\|admin_\|dpr_)/ +); [download] Then in each runmode, I have a line of code which looks like this: `return $self->authz->forbidden unless $self->authz->authorize('dpradmi +n');` [download] Hope that is helpful to a complete response. Thanks again. -- Hugh	[reply] [d/l] [select]