[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: problem with AuthCookieName and Apache

Thanks Almut, but:

> On Wed, Apr 20, 2005 at 07:23:27PM +0200, Francisco Castillo wrote:
> >  I has a problem with my configuration of AuthCookieName and Apache,
> >  I has a apache 1.3 on debian woody , i has this :
> >
> >  in http.conf
> >
> >  # permite tomar de una cookie el login y pass
> >  LoadModule cookie_auth_module /usr/lib/apache/1.3/mod_auth_cookie.so
>
> (Note, this may be OK in your specific case -- I'm just mentioning it,
> because it's a subtle, but common, pitfall.)
>
> Have you made sure mod_auth_cookie is loaded _after_ the other
> mod_auth* module it is to work together with?  I assume you're using
> the regular mod_auth (file based) authentication mechanism
> (->AuthUserFile), so things would have to look like this:
>
> LoadModule auth_module        /usr/lib/apache/1.3/mod_auth.so
> LoadModule cookie_auth_module /usr/lib/apache/1.3/mod_auth_cookie.so

Yes, that is the order of LoadModules which i has in my httpd.conf, so i
think that is not the problem.

>
> This is due to the stack-like module semantics in apache 1.3.  Modules
> are processed in reverse order of their specification with LoadModule
> (or AddModule, when ClearModuleList is being used).
> As mod_auth_cookie fakes basic authentication information, which is
> then passed to mod_auth*, it needs to execute first.  Thus, is has to
> be loaded last of all auth modules being used.
>
> >
> >    header("Location: ./validado.php?numtarjeta=" . $numtarjeta . "&pin="
.
> >  $pin);
> >  ....
>
> Have you checked the cookie is actually available?  For this, you could
> insert a PHP statement like 'echo $HTTP_COOKIE_VARS["VisitorID"];' or
> 'print_r($_COOKIE);' in any of the access controlled pages.
>

Yes, i has check it, i am sure that the cookie is set in the browser ( i has
2 redirects php in order to sure this) before the folder is requested.

> Other than that, I don't really have any hints on what might be wrong
> with your setup -- looks OK at first glance, AFAICT.
>
> What exactly isn't working: are you being presented with the
> authentication dialog popup, although you'd expect the cookie to care
> of it?  Or is authentication not working at all (i.e. the page is being
> delivered without any authentication)?  Or, ...?

The authentications works, if i insert the login and pass it validates, the
problem is that cookie_auth_module must take the VisitorID cookie and pass
it to the auth_module but it is not happening.

Any other ideas ??

Thanks in advance,

Francisco .


>
> Almut
>
>
> --
> To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact
listmaster@lists.debian.org
>
>
Reply to: