[pubcookie-users] Application-controlled authorization
Ian Bicking
ianb at colorstudy.com
Fri Apr 15 15:19:57 PDT 2005
One thing I'd like to be able to do is control from my applications when
login is requird, but I'm not sure if I can do that with pubcookie. For
instance, lets say I configure this:
PubcookieAuthTypeNames EGNetID # and all the other stuff
<Location "/myapp/">
AuthType EGNetID
PubcookieAppID myapp
</Location>
Then I send a response like:
Status: 401 Unauthorized
WWW-Authenticate: EGNetID realm="myapp"
I was hoping that mod_pubcookie would see that and redirect the user to
the appropriate page. But no such luck. Is anything like this
possible? I'd like to be able to control restrictions without
reconfiguring Apache, and inside applications where I can't add
.htaccess files.
Or, if I just have to create a full response with a redirect to the
login server, that's okay too, but I'm not sure what's all involved with
that (there's some big cookies in there). It's also not clear why it
doesn't give a redirect... browser bugs with setting cookies on
redirect? Or use a Javascript redirect, which seems like a better
experience when possible.
--
Ian Bicking / ianb at colorstudy.com / http://blog.ianbicking.org
More information about the pubcookie-users
mailing list