Re: [MP2] Using Apache::AuthCookie with $r->prev when login is a redirect to https

[prev] [thread] [next] [Date index for 2005/04/05]

--nextPart1698873.d4tiaeWCLa
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

On Tuesday 05 April 2005 00:59, Barry Hoggard wrote:
> I have Apache::AuthCookie 3.06 working fine with just http under this
> setup:
>
> httpd-2.0.53
> mod_perl-2.0.0-RC4
>
> However, when I redirect to https for the login page, $r->prev is now
> empty, so I don't have these values for my form:
>
> $r->prev->uri
> $r->prev->args
> $r->prev->subprocess_env("AuthCookieReason")
>
>
> What is the best way to do this?  I would prefer for the login page
> to be in https, and not just submit to https.  I'm using
> Apache::Session as well, but I don't know if there is a way to make
> sure that stuff gets into the session before I redirect to https.

If I understood you properly you are redirecting the browser from a HTTP=20
request to HTTPS. This involves browser interaction and is not an=20
internal redirect. prev() however works only with internal redirects,=20
e.g. $r->internal_redirect, ErrorDocument, CGI script emitting only a=20
"Location" header, ...

Since HTTP is a stateless protocol there is no other way of maintaining=20
state then transferring information from the server to the browser and=20
back. This is what cookies are made for.

Torsten

--nextPart1698873.d4tiaeWCLa
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQBCUjeawicyCTir8T4RAlztAKCe4ykAdnFhwdYDzjrsRDXI+/inzACfQjAk
cH2urRv6h2pwTt6CQMoK06E=
=lo1b
-----END PGP SIGNATURE-----

--nextPart1698873.d4tiaeWCLa--