Re: setting user and logging

[prev] [thread] [next] [Date index for 2005/02/18]

Sean Davis wrote:
> I am using mod_perl 1.29 and apache 1.33 on macos.  I have a content
> handler that does its own authen and authz.  I would like to log the
> username.  When I set the user using $r->user($username) in the content
> handler, I don't see the username in my log.  I thought log handlers
> came after content, so why can't I see the username?  (I am doing custom
> logging into a database and get the username if I use basic auth in
> other scripts).

hmm, I'm confused here...

if you use any form of basic auth (such as calling $r->get_basic_auth_wd)
then $r->user should be set to whatever it is the user provided via the
Authorization header.

if you are using some kind of custom auth that isn't Basic auth then your
PerlAuthenHandler is required to set $r->user (and
$r->connection->auth_type) from the auth phase. see recipe 13.7 for an
example of what I mean

  http://www.modperlcookbook.org/chapters/ch13.pdf

so, then... why are you setting $r->user from the content handler and why do
you want it to be different than the user you authenticated?

but in any case, something is odd - if you set $r->user _after_
$r->get_basic_auth_pw() is called and use $r->user in your logger then you
should see the value you set.  if somehow $r->get_basic_auth_pw() is being
called after you set the value will be overwritten.  additionally, if there
are subrequests involved (like calls to internal_redirect, for example) then
$r->user can get mucked up since it's really $r->connection->user in apache
1.3 so it persists over the course of multiple keepalive requests...

so, after digesting all of that do you still have a problem?  if so we'll
figure it out :)

--Geoff