
Re: problem with AuthCookieName and Apache



On Wed, Apr 20, 2005 at 07:23:27PM +0200, Francisco Castillo wrote:
>  I have a problem with my configuration of AuthCookieName and Apache,
>  I have an apache 1.3 on debian woody, I have this:
> 
>  in http.conf
> 
>  # allows taking the login and password from a cookie
>  LoadModule cookie_auth_module /usr/lib/apache/1.3/mod_auth_cookie.so

(Note, this may be OK in your specific case -- I'm just mentioning it,
because it's a subtle, but common, pitfall.)

Have you made sure mod_auth_cookie is loaded _after_ the other
mod_auth* module it is to work together with?  I assume you're using
the regular mod_auth (file based) authentication mechanism
(->AuthUserFile), so things would have to look like this:

LoadModule auth_module        /usr/lib/apache/1.3/mod_auth.so
LoadModule cookie_auth_module /usr/lib/apache/1.3/mod_auth_cookie.so

This is due to the stack-like module semantics in apache 1.3.  Modules
are processed in reverse order of their specification with LoadModule
(or AddModule, when ClearModuleList is being used).
As mod_auth_cookie fakes basic authentication information, which is
then passed to mod_auth*, it needs to execute first.  Thus, it has to
be loaded last of all auth modules being used.

> 
>  the file of .so exists as ls shows me
> 
>  -rw-r--r--    1 root     root         5684 Jun 25  2004
>  /usr/lib/apache/1.3/mod_auth_cookie.so
> 
>  the apache -l says
> 
>  morpheo:# apache -l
>  Compiled-in modules:
>    http_core.c
>    mod_so.c
>    mod_macro.c
>  suexec: enabled; valid wrapper /usr/lib/apache/suexec
> 
>  the protected folder "protegida" has the
>  morpheo:# cat .htaccess
>  AuthType Basic
>  AuthName El realm
>  AuthUserFile /home/kiiop/claves/tienda
>  require valid-user
>  AuthCookieName VisitorID
> 
>  in my php file
>  ....
>    setcookie("VisitorID","$numtarjeta:$pin",time()+7200);
>    header("Location: ./validado.php?numtarjeta=" . $numtarjeta . "&pin=" .
>  $pin);
>  ....

Have you checked the cookie is actually available?  For this, you could
insert a PHP statement like 'echo $HTTP_COOKIE_VARS["VisitorID"];' or
'print_r($_COOKIE);' in any of the access controlled pages.

Other than that, I don't really have any hints on what might be wrong
with your setup -- looks OK at first glance, AFAICT.

What exactly isn't working: are you being presented with the
authentication dialog popup, although you'd expect the cookie to take care
of it?  Or is authentication not working at all (i.e. the page is being
delivered without any authentication)?  Or, ...?

Almut
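
The load-order rule described in the reply above can be checked mechanically. The following is an added example, not part of the original message or of mod_auth_cookie: it models only LoadModule, AddModule and ClearModuleList as the reply describes them, assumes the AddModule name is mod_auth_cookie.c, and uses constructed sample configurations.

```python
import os

def active_module_order(conf_text):
    """Return module names (e.g. 'mod_auth') in the order they become active."""
    order = []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        directive, args = parts[0].lower(), parts[1:]
        if directive == "clearmodulelist":
            order.clear()              # only later AddModule/LoadModule lines count
            continue
        if directive == "loadmodule" and len(args) == 2:
            files = [args[1]]          # LoadModule <identifier> <path/mod_x.so>
        elif directive == "addmodule":
            files = args               # AddModule mod_x.c [mod_y.c ...]
        else:
            continue
        for f in files:
            name = os.path.splitext(os.path.basename(f.strip('"')))[0]
            if name not in order:
                order.append(name)
    return order

def auth_modules_preempting_cookie(conf_text):
    """List mod_auth* modules activated after mod_auth_cookie.

    Later modules run first in Apache 1.3, so anything returned here sees
    the request before the cookie has been turned into basic-auth data.
    Returns None when mod_auth_cookie is not active at all.
    """
    order = active_module_order(conf_text)
    if "mod_auth_cookie" not in order:
        return None
    idx = order.index("mod_auth_cookie")
    return [m for m in order[idx + 1:] if m.startswith("mod_auth")]

# Constructed sample: cookie module loaded before mod_auth (the pitfall).
WRONG = """
LoadModule cookie_auth_module /usr/lib/apache/1.3/mod_auth_cookie.so
LoadModule auth_module        /usr/lib/apache/1.3/mod_auth.so
"""
# Constructed sample: ClearModuleList makes the AddModule order decisive.
CLEARED = WRONG + "ClearModuleList\nAddModule mod_auth.c mod_auth_cookie.c\n"

if __name__ == "__main__":
    print(auth_modules_preempting_cookie(WRONG))    # modules to move up
    print(auth_modules_preempting_cookie(CLEARED))  # empty list: order is fine
```
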


