On Mon, Nov 13, 2017 at 8:28 PM, Adam Vest
<adam.vest@xxxxxxxxxxxxx.invalid> wrote:
> Evening everyone,
>
> I'm trying to make it so that only certain elements on a web page are
> visible to users logged in, and are otherwise not displayed using
> mod_include flow control. The only way I've been able to do that so far is
> to detect the cookie that the apache auth sets, which works sort of. Of
> course if I just manually set the cookie in my browser then the stuff shows
> and just confuses the whole setup I put. I know from reading the docs that
> %{REMOTE_USER} isn't exposed to these conditionals due to the order of
> operations. However, it'd be super-cool if it WERE. I know that filter
> processing can be tweaked to a degree with mod_filter, so I'm wondering if I
> can instruct apache to process authentication ahead of mod_include? I
> couldn't find anything directly saying yes or no, so figured I'd see if
> anyone on here knew one way or the other, or see if anyone had any other
> suggestions for accomplishing what I'm looking for.
>
> Appreciate your help!
That is surprising, an output filter like mod_include should not have
those limitations about variables being accessed "too early" like in
<if> because it is fundamentally evaluated so late.
Are you sure your user checking syntax was right? You can test outside
of SSI with Header set Foo SUCCESS expr="..." as a sanity check.
I was going to suggest using mod_session but I don't think it is any
safer if you access its cookie directly and I don't think there is
mod_session / expression integration.h
--
Eric Covener
covener@xxxxxxxxx
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|