Skip Menu |

This queue is for tickets about the Apache-AuthCookie CPAN distribution.

Report information
The Basics
Id: 12045
Status: rejected
Priority: 0/
Queue: Apache-AuthCookie

People
Owner: Nobody in particular
Requestors: Vegard.Vesterheim [...] uninett.no
Cc:
AdminCc:

Bug Information
Severity: Normal
Broken in: (no value)
Fixed in: (no value)



Subject: Errant error messages, interaction with Apache::AuthCookieDBI
ache::AuthCookie.pm 3.06 Apache::AuthCookieDBI.pm 1.19 (but probably applies to later versions aswell) perl 5.8.5 NetBSD nsa.uninett.no 2.0 NetBSD 2.0 (GENERIC) Apache::AuthCookie supplies the method recognize_user(): "If the user has provided a valid session key but the document isn't protected, this method will set $r->connection->user anyway. Use it as a PerlFixupHandler, unless you have a better idea." This method calls Apache::AuthCookieDBI->authen_ses_key, which issues error messages when the Cookie is not acknowledged. But the document is not protected, so no error message should be issued. Could possibly be solved by an extra parameter 'ignore_errors' to the authen_ses_key method. Will report this in Apache::AuthCookieDBI aswell.
Show quoted text
> Apache::AuthCookie supplies the method recognize_user(): > > "If the user has provided a valid session key but the document isn't > protected, this method will set $r->connection->user > anyway. Use it as a PerlFixupHandler, unless you have a better > idea." > > This method calls Apache::AuthCookieDBI->authen_ses_key, which issues > error messages when the Cookie is not acknowledged. But the > document is not protected, so no error message should be issued. > Could possibly be solved by an extra parameter 'ignore_errors' to > the authen_ses_key method. Will report this in > Apache::AuthCookieDBI aswell.
If you still care about this, AuthCookieDBI is probably the place where this should be dealt with. The error message originates from there, so AuthCookieDBI would need to provide you with a mechanism to squash it (perhaps with a config variable?). I don't think its a good idea to add parameters to authen_ses_key(), since it is a virtual method, and the interface has been stable for nearly a decade.