Re: Auth handler and Registry scripts

[prev] [thread] [next] [Date index for 2005/01/19]

From: Sean Davis
Subject: Re: Auth handler and Registry scripts
Date: 18:20 on 19 Jan 2005
On Jan 19, 2005, at 11:03 AM, Joe Schaefer wrote:

> Sean Davis <sdavis2@xxxx.xxx.xxx> writes:
>
>> On Jan 19, 2005, at 10:11 AM, Sean Davis wrote:
>>
>>> This is a simple not-understanding-the-issues question, I'm sure.  I
>>> have an authen handler (that used Apache::Request, Apache::Cookie, 
>>> and
>>> Apache::Session) in front of a uri serving a Registry script that
>>> runs using CGI.  The script works fine without the handler in place,
>>> but when I put the handler in place (which also seems to do what I
>>> want), I seem to be losing the ability to do post requests (I get the
>>> content, but the changes made on the previous form page are not
>>> reflected on the update).  Is the issue that I need to change all the
>>> post parameters to args for a get and do a redirect?
>>>
>>
>> I tried it (changing post to get, that is).  Fixed the problem.
>
> If you're using mp2, that shouldn't be necessary. If you
> are, can you be more specific about the problem?  Also, which
> version of Apache::Request are you using?
>
> -- 
> Joe Schaefer
>

Thanks Joe, Tom, and Geoff for the replies.  To answer all of you:

I am NOT using mp2 and I think the behavior is documented for mp1, as 
others have suggested.  As for using Apache::Request->instance(), the 
CGI code is legacy code and uses CGI.pm exclusively, so I don't have 
the option of using the Apache::Request object without some code wading 
(not now).  Just out of curiosity, though, will something as simple as:

$r = Apache::Request->instance();
$q = CGI->new($r);

work when using the instance method under mp1 regardless of whether the 
Apache::Request->instance() has been used in a prior handler?

As for the URI lengths and logging, I do custom logging to a private 
RDBM, so not a big deal.  Also, since the GET is done WITHIN the 
request (VERY COOL, mod_perl is) and NOT as a redirect, the browser URL 
is never updated, so to the user, it appears like a post and security 
isn't so much an issue.  The username and password never pass through a 
GET method; in fact, the CGI script doesn't even know that the 
Authentication process has occurred.

Thanks again,
Sean

(message missing)

Auth handler and Registry scripts
Sean Davis 15:11 on 19 Jan 2005

Re: Auth handler and Registry scripts
Sean Davis 15:36 on 19 Jan 2005

Re: Auth handler and Registry scripts
Joe Schaefer 16:03 on 19 Jan 2005

Re: Auth handler and Registry scripts
Sean Davis 18:20 on 19 Jan 2005

Re: Auth handler and Registry scripts
Joe Schaefer 18:45 on 19 Jan 2005

Re: Auth handler and Registry scripts
Sean Davis 19:38 on 19 Jan 2005

Re: Auth handler and Registry scripts
Tom Schindl 16:54 on 19 Jan 2005

Re: Auth handler and Registry scripts
Geoffrey Young 19:51 on 19 Jan 2005

Generated at 09:05 on 06 Feb 2005 by mariachi v0.52