Many thanks, Craig. I knew I had some learning to do, but now I know what to look for. Drew -----Original Message----- From: Craig Dunigan [mailto:cdunigan@xxxxxxxxxxxxx] Sent: Wednesday, May 25, 2005 9:22 AM To: users@xxxxxxxxxxxxxxxx Subject: RE: [users@httpd] Automatic script execution whenever a directory is referenced On Wed, 25 May 2005 Drew.Shelton@xxxxxxxxxxxx wrote: > Re-posting by request... > > -----Original Message----- > From: Drew.Shelton@xxxxxxxxxxxx [mailto:Drew.Shelton@xxxxxxxxxxxx] > Sent: Tuesday, May 24, 2005 12:48 PM > To: users@xxxxxxxxxxxxxxxx > Subject: RE: [users@httpd] Automatic script execution whenever a > directory is referenced > > > [snip] > > Craig, > > >Owen's last point is the key one. You should use some form of session > >management to do this, and there are many options for that. For your "CGI" > >idea, you'll need to write your own authentication handler for files in that > >directory, written as a module, of course. At that point, session management > >starts to look a whole lot easier. > > Thanks, Craig. I'm a newbie to Apache, but I've written a script that already > functions as an "authentication handler" when I point my browser directly to it. > The problem was to get it invoked automatically before any other files. I was > not expecting to write a module. Judging from that and from the technical > detail you supplied, I don't think I should go there just yet. > > I have no idea what "session management" is. Where can I find info on that? > > >[Warning! Nitpicky technical details follow!] > > [snip] > > Thanks again, > Drew > > Thanks, Drew. One of these days I'll stop deleting emails I mean to reply to. Don't hold your breath, though. Session management in this context means maintaining state even though HTTP is a stateless protocol. That means something on the server side has to assign a unique session ID of some kind to each incoming connection and keep a persistent store of variables (the session "state") associated with that ID, and the client has to have some way of receiving that session ID and resubmitting it with each request. This is usually handled with a cookie that contains the session ID and state, although sometimes the state is maintained (usually in a database) on the server side, to prevent client tampering. When connected with authN/authZ, it also means that the server must verify that cookie in some way before allowing access, and know to re-authenticate the browser when the session is expired. Using session management often means writing your own code, but there are some pre-made packages that can do simple stuff via httpd.conf only. Which one you use kind of depends on which scripting language you're most comfortable with. Try Googling for "apache session <language name>", or just "apache session" if you want to see all of what's out there. Some things I know of off the top of my head are Apache::SessionManager (perl) and pubcookie, although the latter might be overkill for your situation. HTH, Craig --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx