Return-Path: X-Original-To: apmail-perl-modperl-archive@www.apache.org Delivered-To: apmail-perl-modperl-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 85A2518529 for ; Mon, 27 Jul 2015 18:24:27 +0000 (UTC) Received: (qmail 58559 invoked by uid 500); 27 Jul 2015 18:24:20 -0000 Delivered-To: apmail-perl-modperl-archive@perl.apache.org Received: (qmail 58516 invoked by uid 500); 27 Jul 2015 18:24:20 -0000 Mailing-List: contact modperl-help@perl.apache.org; run by ezmlm Precedence: bulk list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list modperl@perl.apache.org Received: (qmail 58505 invoked by uid 99); 27 Jul 2015 18:24:20 -0000 Received: from Unknown (HELO spamd3-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 27 Jul 2015 18:24:20 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd3-us-west.apache.org (ASF Mail Server at spamd3-us-west.apache.org) with ESMTP id 23B9C1911D0 for ; Mon, 27 Jul 2015 18:24:20 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd3-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: 0.8 X-Spam-Level: X-Spam-Status: No, score=0.8 tagged_above=-999 required=6.31 tests=[KAM_ASCII_DIVIDERS=0.8, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=disabled Received: from mx1-us-west.apache.org ([10.40.0.8]) by localhost (spamd3-us-west.apache.org [10.40.0.10]) (amavisd-new, port 10024) with ESMTP id oNkicuEj3YEZ for ; Mon, 27 Jul 2015 18:24:07 +0000 (UTC) Received: from gwc02v1.gw.one-mail.on.ca (gwc02v1.gw.one-mail.on.ca [76.75.133.70]) by mx1-us-west.apache.org (ASF Mail Server at mx1-us-west.apache.org) with ESMTPS id 323E12C6DF for ; Mon, 27 Jul 2015 18:24:07 +0000 (UTC) Received: from smtpc03.tls.one-mail.on.ca (smtpc03.tls.one-mail.on.ca [10.245.154.10]) by gwc02v1.gw.one-mail.on.ca. with ESMTP id t6RINKj5009014 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL) for ; Mon, 27 Jul 2015 14:23:20 -0400 Received: from mailhub1.lhsc.on.ca (mailhub1.lhsc.on.ca [142.158.2.26]) (authenticated bits=0) by smtpc03.tls.one-mail.on.ca with ESMTP id t6RINIG1032236 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Mon, 27 Jul 2015 14:23:19 -0400 Received: from lhscgwiao.lhsc.on.ca (lhscgwiao.lhsc.on.ca [172.17.32.186]) by mailhub1.lhsc.on.ca (8.14.4/8.14.4/Debian-4) with SMTP id t6RHpOWJ012487 for ; Mon, 27 Jul 2015 13:51:24 -0400 Received: from LH05-MTA by lhscgwiao.lhsc.on.ca with Novell_GroupWise; Mon, 27 Jul 2015 13:51:23 -0400 Message-Id: <55B63753020000E1000095F0@lhscgwiao.lhsc.on.ca> X-Mailer: Novell GroupWise Internet Agent 12.0.3 Date: Mon, 27 Jul 2015 13:51:15 -0400 From: "Steve van der Burg" To: , Subject: Re: Apache2::AuthCookie - semantics of WhatEverPath parameter? References: <55B66AA3.5070401@jhmg.net> In-Reply-To: <55B66AA3.5070401@jhmg.net> Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: quoted-printable Content-Disposition: inline X-Virus-Scanned: clamav-milter 0.98.5 at mailhub1 X-Virus-Status: Clean X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:5.14.151,1.0.33,0.0.0000 definitions=2015-07-27_02:2015-07-27,2015-07-27,1970-01-01 signatures=0 X-Proofpoint-Virus-Status: clean X-Proofpoint-Cluster: RL It is the path part of a URL. The HTML Cookie specification defines it, = and this is AuthCookie's way of letting you set it. If the request domain + path doesn't match those set in the cookie, then = the browser won't send the cookie to the server. When using cookies for non-auth purposes, there are lots of cases where = you would want something more specific than / (to set a preference = specific to an add at some.web.site/some/app, for example). You're right = that, for auth, it's hard to imagine when you wouldn't want to just leave = it as /. ...Steve --=20 Steve van der Burg Information Technology Services London Health Sciences Centre & St. Joseph's Health Care London (519) 685-8500 ext 35559 steve.vanderburg@lhsc.on.ca Jim Garrison wrote: > Every example for Apache2::AuthCookie shows >=20 > ... > WhatEverPath / > ... >=20 > but I can find nothing that explains what the value "/" represents. > Is it a URI? Later in the sample configs we see URIs to which > protection applies are defined by or tags, >=20 > How does the value of this parameter affect the behavior of AuthCookie, > and under what circumstances would its value not be "/"? >=20 > Thanks >=20 > --=20 > Jim Garrison (jhg@acm.org) > PGP Keys at http://www.jhmg.net RSA 0x04B73B7F DH 0x70738D88 --------------------------------------------------------------------------= ------ This information is directed in confidence solely to the person named = above and may contain confidential and/or privileged material. This = information may not otherwise be distributed, copied or disclosed. If you = have received this e-mail in error, please notify the sender immediately = via a return e-mail and destroy original message. Thank you for your = cooperation.