The 403 approach is used by Apache::AuthCookie (unless I'm
mis-interpreting what I saw in traces).
The drawback with just switching run modes is that you'll return status
200 and the browser (and other devices) will cache your login page as the
contents of 'private'. Maybe this doesn't matter (it will be reload
soon, we could set a no-cache header, expire it immediately, ...)
I'm assuming that is the reason the Apache::AuthCookie modules send 403.
If I remember correctly, the NYTimes site does a bunch of redirects (302)
-- redirecting you to their login page and then redirecting again to the
original destination. After giving it some more thought, maybe this makes
more sense than 403 (and seems much less likely to cause these kinds of
problems).
--Mike
On Wed, 2 Oct 2002, John Walker wrote:
> Why are you trying to set a 403?
>
> Can't you just change the value of run mode and continue?
>
> > sub cgiapp_prerun
> > {
> > my ($self, $runmode) = @_;
> >
> > if ($runmode eq 'private' && $needs_auth) {
> > $runmode = 'login';
> > $self->prerun_mode($runmode);
> > }
> > }
> >
> > 1;
>
> REMOVE THESE:
>
> > $self->header_type('header');
> > $self->header_props(-status=>'403 Forbidden');
>
> In this case I do not think 'login' really has nothing to do with HTTPD 403
> in this case, its just the name of a subroutine in your module.
>
> John
>
---------------------------------------------------------------------
Web Archive: http://www.mail-archive.com/suppressed/
To unsubscribe, e-mail: suppressed
For additional commands, e-mail: suppressed
Mail converted by mhonarc 2.6.15
This archive provided courtesy of JSW4.NET, Internet Hosting Services for Small Business.