From the rlease announcement:
"Additionally, we added formatting parameters to the AuthMySQLUserCondition and AuthMySQLGroupCondition
to allow comparisons against information from the request"
Does that mean I can have access to the Cookie header and use that information to authenticate the user? Any advice would be appreciated.
Cheers,
Gerhard
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Sorry, but authentication is very early in the communications. No data has been sent other than the initial get/post/header/whatever request. We have no access to cookies or any other content-related information.
Jerry
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I am a bit confused. Maybe I should explain better what I am trying to do. I always assumed that the cookie was part of the header sent by the browser and should be available similar to for example "remote user".
What I want to do is to check for a session ID that is stored in a cookie and inside a database column. I then want to look up the user that has this session and grant or deny access based on this.
Cheers,
Gerhard
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
The cookie may be part of the header - I didn't think so, but I really don't know. Never followed it down to that level, myself.
Your idea sounds good, and I think it's reasonable. However, I'm not sure right now if it can be done or not. I've been looking at the Apache documentation, and there is a call to get cookies. Whether it is valid at authorization/authentication time, I'm not sure, though.
At any rate - right now it's not in the module. I'm not positive on how to add it to the module because each cookie has its own ID. The other parameters don't require an id, so they're easy to implement.
<rambling>Perhaps implementing a new subsitution parameter such as %c (for cookie), and a new config parameter such as AuthMySQLCookieName would work. I'll have to think about this, </rambling>
At any rate, could you please enter this request in the RFE (Request for Enhancements) database? It's where we look when we're considering enhancements, rather than trying to go through all the forums. That we we'll be sure to look at it and figure out if it can be implemented.
Thanks,
Jerry
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
From the rlease announcement:
"Additionally, we added formatting parameters to the AuthMySQLUserCondition and AuthMySQLGroupCondition
to allow comparisons against information from the request"
Does that mean I can have access to the Cookie header and use that information to authenticate the user? Any advice would be appreciated.
Cheers,
Gerhard
Hi, Gerhard,
Sorry, but authentication is very early in the communications. No data has been sent other than the initial get/post/header/whatever request. We have no access to cookies or any other content-related information.
Jerry
Hi Jerry,
I am a bit confused. Maybe I should explain better what I am trying to do. I always assumed that the cookie was part of the header sent by the browser and should be available similar to for example "remote user".
What I want to do is to check for a session ID that is stored in a cookie and inside a database column. I then want to look up the user that has this session and grant or deny access based on this.
Cheers,
Gerhard
Gerhard,
The cookie may be part of the header - I didn't think so, but I really don't know. Never followed it down to that level, myself.
Your idea sounds good, and I think it's reasonable. However, I'm not sure right now if it can be done or not. I've been looking at the Apache documentation, and there is a call to get cookies. Whether it is valid at authorization/authentication time, I'm not sure, though.
At any rate - right now it's not in the module. I'm not positive on how to add it to the module because each cookie has its own ID. The other parameters don't require an id, so they're easy to implement.
<rambling>Perhaps implementing a new subsitution parameter such as %c (for cookie), and a new config parameter such as AuthMySQLCookieName would work. I'll have to think about this, </rambling>
At any rate, could you please enter this request in the RFE (Request for Enhancements) database? It's where we look when we're considering enhancements, rather than trying to go through all the forums. That we we'll be sure to look at it and figure out if it can be implemented.
Thanks,
Jerry
Using the firefox "live http headers" extension it sure looks like as if the cookie is ent as part of the header.
They should be in the headers_in table. I've modified my copy of mod-auth_mysql a bit and wll see if I have any luck.
I will also enter the RFE.
Cheers,
Gerhard