PyroX has asked for the wisdom of the Perl Monks concerning the following question:

Say you have a cgi that does authentication, and a directory you want protected, you want to manually collect logon info and pass the user to that directory, can headers be sent to the client containing the proper storage scheme for the logon info so that when redirected the user will not be prompted by htaccess?

Replies are listed 'Best First'.
•Re: HTTPChallenge Client Headers
by merlyn (Sage) on May 21, 2003 at 07:22 UTC
    Most browsers respect a username and password in the URL as credentials for a BasicAuth challenge.

    But this is really the wrong design. If you want to authenticate a user, send the browser a cookie, and note that in a server-side database (even a lightweight database like Cache::FileCache). Then, when that same browser hits your protected area, just verify the cookie credential, turning the authentication into an authorization.

    -- Randal L. Schwartz, Perl hacker
    Be sure to read my standard disclaimer if this is a reply.
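
The cookie-plus-server-side-record design described in the reply above, sketched as an added example that is not part of the original thread or merlyn's own code. The cookie name `session`, the `/protected/` path, the cache namespace, the 30-minute lifetime and both function names are assumptions; it reads `/dev/urandom` for the token and uses the Cache::FileCache module the reply mentions.

```perl
#!/usr/bin/perl
# Added example: login CGI issues a random token, protected area verifies it.
use strict;
use warnings;
use Cache::FileCache;    # lightweight server-side store named in the reply

# Hypothetical namespace; records expire 1800 seconds after being set.
my $sessions = Cache::FileCache->new(
    { namespace => 'demo_sessions', default_expires_in => 1800 } );

# Login side: call only after the password check has succeeded.
# The cookie carries an unguessable token, never the username or password.
sub new_session {
    my ($user) = @_;
    open my $fh, '<:raw', '/dev/urandom' or die "no CSPRNG: $!";
    my $bytes;
    read( $fh, $bytes, 32 ) == 32 or die "short read from /dev/urandom";
    close $fh;
    my $token = unpack 'H*', $bytes;             # 64 hex characters
    $sessions->set( $token, { user => $user } ); # the server-side note
    return "Set-Cookie: session=$token; Path=/protected/; "
         . "Secure; HttpOnly; SameSite=Lax\r\n";
}

# Protected-area side: map the request's Cookie header to a user, or undef.
sub user_for_request {
    my ($cookie_header) = @_;
    return unless defined $cookie_header;
    my ($token) =
        $cookie_header =~ /(?:^|;\s*)session=([0-9a-f]{64})(?:;|$)/;
    return unless defined $token;                # missing or malformed
    my $rec = $sessions->get($token);            # undef if unknown or expired
    return $rec ? $rec->{user} : undef;
}

# Constructed walk-through standing in for two separate HTTP requests.
my $header = new_session('johndoe');
my ($cookie) = $header =~ /^Set-Cookie: (session=[0-9a-f]+)/;
print "login response: $header";
print "valid cookie  -> ", user_for_request($cookie) // 'DENY', "\n";
print "forged cookie -> ", user_for_request( 'session=' . 'a' x 64 ) // 'DENY', "\n";
print "no cookie     -> ", user_for_request(undef) // 'DENY', "\n";
```

The check in `user_for_request` has to run on every request into the protected area, and removing the token from the cache is what logs the user out.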

Re: HTTPChallenge Client Headers
by Joost (Canon) on May 21, 2003 at 09:13 UTC
    Start here and proceed.

    I'm not really sure it's a good idea though. Why not make a script that authenticates the user, and pass the directory data (which should be in an unreachable location) through the script?


    -- #!/usr/bin/perl -np BEGIN{@ARGV=$0}s(^([^=].*)|=)()s; =Just another perl hacker\
Re: HTTPChallenge Client Headers
by hacker (Priest) on May 21, 2003 at 11:53 UTC
    I'm not sure I completely understand the question, but I'll try anyway..

    If you're trying to just get the data, while passing the authentication to the Basic Authentication you've got set up, you can do it in the following fashion (using LWP):

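    use strict;
    use LWP::UserAgent;

    # URL of the resource behind Basic Authentication
    my $url = '';

    my $browser = LWP::UserAgent->new();
    $browser->protocols_allowed(["http", "https"]);

    # Fail early if this LWP install has no SSL support
    unless ($browser->is_protocol_supported("https")) {
        die "Cannot use https:// URLs\n";
    }

    # Arguments: netloc ("host:port"), realm, username, password
    $browser->credentials("", "My Realm", "johndoe", "0bScUr3d");

    # LWP answers the 401 challenge with the credentials registered above
    my $response = $browser->get($url);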

    Work with this code snippet, and get something similar working in your CGI.. you should have no trouble from there.

Re: HTTPChallenge Client Headers
by dmitri (Priest) on May 21, 2003 at 03:40 UTC
    Suggestion: maybe you should break up your question into more than one sentence.
Re: HTTPChallenge Client Headers
by Abigail-II (Bishop) on May 21, 2003 at 12:52 UTC
    Is there a Perl question in your post?