Hi, I posted the follow to the mod_perl list:I'm trying to protect a directory using Apache2::AuthCookieDBI with the following .htaccess (I have to use htaccess)
-------------------- PerlModule Apache2::AuthCookieDBI PerlSetVar berlinPath /berlin/ PerlSetVar berlinLoginScript /login.pl PerlSetVar berlinSessionTimeout +2h PerlSetVar berlinDBI_DSN "DBI:mysql:database=berlin" PerlSetVar berlinDBI_SecretKey "secret" # DBI access stuff... PerlSetVar berlinDBI_User "user" ... etc ... # Protected by AuthCookieDBI. AuthType Apache2::AuthCookieDBI AuthName berlin PerlAuthenHandler Apache2::AuthCookieDBI->authenticate PerlAuthzHandler Apache2::AuthCookieDBI->authorize require valid-user # Login location. <Files LOGIN> AuthType Apache2::AuthCookieDBI AuthName berlin SetHandler perl-script PerlHandler Apache2::AuthCookieDBI->login </Files> --------------------When I go to my protected URL www.myserver.com/berlin/ I am presented with the login form which I've added some status variables to, the status is that there is no cookie present, which is to be expected since nothing has been set yet. Once I send authentication variables I am still not logged in and I'm given a new URL www.myserver.com/berlin/LOGIN which is still expected behaviour, but the status variable is still "no cookie" which means no cookie is being set. This makes me suspect that I am just dumb and doing something super-basic wrong, but I can't figure it out.
Vegard Vesterheim on the mod_perl list suggested the cause was "related to Apache issuing subrequests for directory requests. Check out this thread: http://marc.info/?t=119996312400002&r=1&w=2 "
If this is true then I have trouble believing that this issue hasn't been addressed at the module level (AuthCookieDBI) since protecting various directories seems pretty standard.
Anyway, my solution for now is to just protect the *.pl files <Files ~ "\.(pl)$"> and redirect the index to index.pl which is not elegant but works. Is there a better way?
Thank-you! Tosh -- McIntosh Cooey - Twelve Hundred Group LLC - http://www.1200group.com/ --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|