perl-modperl mailing list archives

From Brian Clarkson <>
Subject problem with Apache2::AuthCookie
Date Wed, 29 Jul 2009 19:32:19 GMT
I started having an odd problem with a simple subclass of
Apache2::AuthCookie after a mod_perl upgrade.  

When authorization fails, Apache apparently returns a forbidden page to
the user (not just a forbidden status to the authentication hook) then
fails to redirect the user back to the login page.  The browser actually
displays the following:

ody> <h1>Forbidden</h1> <p>You don't have permission to access /archive/
on this server.</p> <p>Additionally, a 200 OK error was encountered
while trying to use an ErrorDocument to handle the request.</p> <hr>
<address>Apache Server at Port 80</address>
</body></html> HTTP/1.1 200 OK Date: Mon, 27 Jul 2009 19:54:27 GMT
Server: Apache Keep-Alive: timeout=15, max=88 Connection: Keep-Alive
Transfer-Encoding: chunked Content-Type: text/html; charset=utf-8 fd6
<!-- -->
(The code can be seen in action at )

Authorization only seems to fail 1 out of 50 times.  A similar error
happens when the 'Continue' button on the page is pressed repeatedly (5+
times) without checking the 'I agree' checkbox.

I only need to make sure the user has checked a box agreeing to the
website's terms and conditions.  I don't use any kind of user/pass

perl 5.8.8
apache 2.2.11
mod_perl 2.0.4

My module code is:

package TermsAndConditions;
use strict;
use Apache2::compat;
use base qw! Apache2::AuthCookie !;

sub authen_cred ($$\@) {
   my $self = shift;  # Package name (same as AuthName directive)
   my $r    = shift;  # Apache request object
   my @cred = @_;     # Credentials from login form

   # A session key is issued only when the first credential is true.
   return ( $cred[0] ? "authorized" : undef );
}

sub authen_ses_key ($$$) {
   my ($self, $r, $session_key) = @_;
   # Every session key is accepted.
   return 1;
}

1;

The relevant httpd.conf directives are:

<Directory /home/httpd/>
      SetHandler perl-script
      PerlHandler ModPerl::Registry
      Options +ExecCGI
      allow from all
      PerlSendHeader On
</Directory>

   SetHandler perl-script
   PerlHandler ModPerl::Registry
   Options +ExecCGI
   PerlSendHeader On

## These documents require user to be logged in.
<Directory /home/httpd/>
    Options +ExecCGI
    AuthType TermsAndConditions
    AuthName PsychoMembers
    PerlAuthenHandler TermsAndConditions->authenticate
    PerlAuthzHandler TermsAndConditions->authorize
    require valid-user
    #SetHandler perl-script
    #PerlSendHeader On
</Directory>

##this is the action of the script above.
<Location /apps/LOGIN>
    AuthType TermsAndConditions
    AuthName PsychoMembers
    SetHandler perl-script
    PerlSendHeader On
    PerlResponseHandler TermsAndConditions->login
</Location>
