Java Mailing List Archive

http://www.apache-httpd.com/

Home » modperl.perl »

problem with Apache2::AuthCookie

Brian Clarkson

2009-07-29


Author LoginPost Reply
I started having an odd problem with a simple subclass of
Apache2::AuthCookie after a mod_perl upgrade.

When authorization fails, apache apparently returns a forbidden page to
the user (not just a forbidden status to the authentication hook) then
fails to redirect the user back to the login page. The browser actually
displays the following:


ody> <h1>Forbidden</h1> <p>You don't have permission to access /archive/
on this server.</p> <p>Additionally, a 200 OK error was encountered
while trying to use an ErrorDocument to handle the request.</p> <hr>
<address>Apache Server at www.psychonomic.org Port 80</address>
</body></html> HTTP/1.1 200 OK Date: Mon, 27 Jul 2009 19:54:27 GMT
Server: Apache Keep-Alive: timeout=15, max=88 Connection: Keep-Alive
Transfer-Encoding: chunked Content-Type: text/html; charset=utf-8 fd6
<!-- psychonomic.org/templates/archive/frontpage.tmpl -->
(The code can be seen in action at http://www.psychonomic.org/archive )

Authorization only seems to fail 1 out of 50 times. A similar error
happens when the 'Continue' button on the page is pressed repeatedly (5+
times) without checking the 'I agree' checkbox.

I only need to make sure the user has checked a box agreeing to the
website's terms and conditions. I don't use any kind of user/pass
combinations.

perl 5.8.8
apache 2.2.11
mod_perl 2.0.4


My module code is:

package TermsAndConditions;
use strict;
use Apache2::compat;
use base qw! Apache2::AuthCookie !;

sub authen_cred ($$\@) {
 my $self = shift; # Package name (same as AuthName directive)
 my $r   = shift; # Apache request object
 my @cred = @_;   # Credentials from login form

 return ( $cred[0] ? "authorized" : undef );
}

sub authen_ses_key ($$$) {
 my ($self, $r, $session_key) = @_;
 return 1;
}

1;

The relevant httpd.conf directives are:

<Directory /home/httpd/psychonomic.org/modperl_apps>
 <Files login.pl>
   SetHandler perl-script
   PerlHandler ModPerl::Registry
   Options +ExecCGI
   allow from all
   PerlSendHeader On
 </Files>
</Directory>


<Files logout.pl>
 SetHandler perl-script
 PerlHandler ModPerl::Registry
 Options +ExecCGI
 PerlSendHeader On
</Files>

## These documents require user to be logged in.
<Directory /home/httpd/psychonomic.org/html/archive>
  Options +ExecCGI
  AuthType TermsAndConditions
  AuthName PsychoMembers
  PerlAuthenHandler TermsAndConditions->authenticate
  PerlAuthzHandler TermsAndConditions->authorize
  require valid-user
  #SetHandler perl-script
  #PerlSendHeader On
</Directory>

##this is the action of the login.pl script above.
<Location /apps/LOGIN>
  AuthType TermsAndConditions
  AuthName PsychoMembers
  SetHandler perl-script
  PerlSendHeader On
  PerlResponseHandler TermsAndConditions->login
</Location>




©2008 apache-httpd.com - Jax Systems, LLC, U.S.A.