http://www.perlmonks.org?node_id=511687

jeteve has asked for the wisdom of the Perl Monks concerning the following question:

Hi !

I'd like to make a component that forces the user to authenticate again. I founded how to do it in php, this is simple as that:

<?php Header("WWW-Authenticate: Basic realm=\"My Realm\""); Header("HTTP/1.0 401 Unauthorized"); echo "You canceled authentication\n"; exit; ?>

But I cannot figured out how to do it in mason. I tried:

<%flags> inherit=> undef </%flags> <%perl> $m->autoflush(0); $m->clear_buffer(); $r->header_out->add("WWW-Authenticate" => 'Basic realm="RealmChain"'); $r->header_out->add("HTTP/1.0 401 Unauthorized" => ''); $r->send_http_header(); $m->abort(); </%perl>
But it just make my browser display a void page.

Could anybody can help ?

Thanks ! Jerome.

-- Nice photos of naked perl sources here !

Replies are listed 'Best First'.
Re: [Mason] Sending right header to force http basic authentication
by simonm (Vicar) on Nov 26, 2005 at 03:51 UTC
    See this section of the Mason documentation.

    Perhaps semething like this:

    <%perl> $m->autoflush(0); $m->clear_buffer(); $r->header_out->add("WWW-Authenticate" => 'Basic realm="RealmChain"'); $r->send_http_header(); $m->abort("401 Unauthorized"); </%perl>
      This doesn't seem to work. Although abort() forced the correct status (401), it somehow removed the WWW-Authenticate header:
      $r->header_out->add("WWW-Authenticate" => 'Basic realm="RealmChain"'); $r->send_http_header();
        try : $r->err_header_out instead of $r->header_out
Re: [Mason] Sending right header to force http basic authentication
by Anonymous Monk on Nov 28, 2005 at 21:43 UTC
    I think you are going to find that this is highly browser-dependent as well... in general basic auth does not support forcing a user to re-authenticate! http://httpd.apache.org/docs/1.3/howto/auth.html#basicfaq