httpd-modules-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Vedavyas Raichur" <>
Subject Re: Question on apache subprequest
Date Mon, 27 Nov 2006 12:17:08 GMT
Thanks for the reply.
-- No the client is just getting the second cookie as the "cookie value" coz
i use the same cookie name.

--- i am using ap_hook_access_checker & have mod_ssl configured for client
authentication. But in addition to what mod_ssl does the module needs to do
some extra checks & create a key. I am not able to figure out a way in which
i ll be creating the key just once for every new client that logs in.

--- Do i need to store some state information about my module? What is the
best way to do that if this has to be persistent for the lifetime of request
( but should be safe with internal redirects, is request_config meant for
similar purpose?). Should i be the one who should set this r->user field ?

It would be of great help if there is some documentation on how apache
handles subrequests, internal redirects differently.


On 11/27/06, Nick Kew <> wrote:
> On Mon, 27 Nov 2006 15:22:59 +0530
> "Vedavyas Raichur" <> wrote:
> > Hi all,
> >      I have a problem with my authentication handler. When the
> > authentication succeeds i create a new key and pass it off as cookie
> > to the client. But it seems the key is getting created twice as the
> > hook is invoked twice.

Is that a problem?  Is your cookie reaching the client twice?
> > I just got around this by using ap_is_initial_request(), but is it
> > appropriate or safe to skip the  authentication for a subrequest?
> Careful with your terminology there.  It's more likely an internal
> redirect than a subrequest.  An internal redirect is what you get
> for example when mod_dir maps "/" to "/index.html".
> So to answer your question: no it's not safe to authenticate
> only if ap_is_initial_request.  An internal redirect may happen
> before the authentication phase, for example when you use the
> Alias directive.
> What you can do when ap_isn't_initial_request is check the r->user
> field in the parent request or previous request (depending on
> whether it's a subreq or internal redirect).  That'll be set if
> authentication already happened.
> --
> Nick Kew
> Application Development with Apache - the Apache Modules Book

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message