Re: problem with AuthCookieName and Apache
On Wed, Apr 20, 2005 at 07:23:27PM +0200, Francisco Castillo wrote:
> I has a problem with my configuration of AuthCookieName and Apache,
> I has a apache 1.3 on debian woody , i has this :
> in http.conf
> # permite tomar de una cookie el login y pass
> LoadModule cookie_auth_module /usr/lib/apache/1.3/mod_auth_cookie.so
(Note, this may be OK in your specific case -- I'm just mentioning it,
because it's a subtle, but common, pitfall.)
Have you made sure mod_auth_cookie is loaded _after_ the other
mod_auth* module it is to work together with? I assume you're using
the regular mod_auth (file based) authentication mechanism
(->AuthUserFile), so things would have to look like this:
LoadModule auth_module /usr/lib/apache/1.3/mod_auth.so
LoadModule cookie_auth_module /usr/lib/apache/1.3/mod_auth_cookie.so
This is due to the stack-like module semantics in apache 1.3. Modules
are processed in reverse order of their specification with LoadModule
(or AddModule, when ClearModuleList is being used).
As mod_auth_cookie fakes basic authentication information, which is
then passed to mod_auth*, it needs to execute first. Thus, is has to
be loaded last of all auth modules being used.
> the file of .so exists as ls shows me
> -rw-r--r-- 1 root root 5684 Jun 25 2004
> the apache -l says
> morpheo:# apache -l
> Compiled-in modules:
> suexec: enabled; valid wrapper /usr/lib/apache/suexec
> the protected folder "protegida" has the
> morpheo:# cat .htaccess
> AuthType Basic
> AuthName El realm
> AuthUserFile /home/kiiop/claves/tienda
> require valid-user
> AuthCookieName VisitorID
> in my php file
> header("Location: ./validado.php?numtarjeta=" . $numtarjeta . "&pin=" .
Have you checked the cookie is actually available? For this, you could
insert a PHP statement like 'echo $HTTP_COOKIE_VARS["VisitorID"];' or
'print_r($_COOKIE);' in any of the access controlled pages.
Other than that, I don't really have any hints on what might be wrong
with your setup -- looks OK at first glance, AFAICT.
What exactly isn't working: are you being presented with the
authentication dialog popup, although you'd expect the cookie to care
of it? Or is authentication not working at all (i.e. the page is being
delivered without any authentication)? Or, ...?