perl-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Vivek Khera <>
Subject minor issue with Apache2::AuthCookie
Date Fri, 30 Sep 2005 20:33:39 GMT

I just converted my site from modperl1 to modperl2 and in the process  
(actually after deployment) discovered that AuthCookie is handling  
the retrieval of the credentials just slightly differently.

It turns out in modperl1, that if a credential had a space in it,  
when it was passed to the authen_cred() method, it had a space in  
it.  However, for modperl2, Apache2::AuthCookie has converted the  
space to a + (which is a shorthand encoding).

However, a ligitimate "+" in the credential is also being sent along  
as a + to the authen_cred() method, so you can't distinguish the two  

The AuthCookie implementations for getting the credentials out of a  
POST are very different between modperl1 (uses $r->content) and  
modperl2 (which uses what looks like and old version of the "compat"  
routine to fetch POST data).  I'm sure the difference lies somewhere  
in there.

It looks like it is calling Apache2::URI::unescape_url() as it should  
but it just isn't unescaping the +.

The credentials are as submitted by Firefox 1.5 if that matters.

Any clues on how to fix this?  I have some customers who will  
probably have problems logging in :-(

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message