LinuxSA Mailing list archives

  From: David Lloyd <lloy0076@rebel.net.au>
  To  : David Newall <davidn@rebel.net.au>
  Date: Mon, 09 Jul 2001 11:04:40 +0930

Re: Apache and HTTP Authentication

David!

> I think you have discovered the reason why HTTP session management is
> so hard.  Use PHP.

I actually use EmbPerl and EmbperlObject.

I finally got off my butt and setup Apache::Session and here's how I
handle it:

1) Get the user credentials using a normal login form (could be https)
2) If they authenticate, generate a session key/ticket for them
 - possibly including an expiry time
3) Have Apache::Session handle the key which is really easy using
Embperl, you just set the session classes up and stick it in the %udat
hash
4) Authentication done

The only glitch was that Embperl + Perl 5.6.0 every now and then have
issues with each other (Embperl was originally written under 5.00053 and
there have been subtle but significant changes between the two
flavours).

I also downloaded the RFC for HTTP itself and it surprised me how easy
it was to actually understand...

DSL
-- 
"The greatest thing you'll ever learn is
  just to love and to be loved in return."
  - David Bowie (Nature Boy from Moulin Rouge)

-- 
LinuxSA WWW: http://www.linuxsa.org.au/  IRC: #linuxsa on irc.linux.org.au
To unsubscribe from the LinuxSA list:
  mail linuxsa-request@linuxsa.org.au with "unsubscribe" as the subject