#12 Post Auth SQL


Please consider adding a parameter to hold an SQL statement that is
execute after authentication. You might also consider separate params for
success and failure. The immediate use for this is logging, but you could
imagine a number of other uses such as initializing or updating session
data. - mt


  • Jerry Stuckle

    Jerry Stuckle - 2006-10-15

    Logged In: YES

    Success/failure is already logged in the Apache log.

    We will consider the possibility of executing another SQL
    statement after successful/unsuccessful logging. However,
    this would not be a good place for initializing or updating
    sessoin data.

    If this is the first time, the session would not be created
    yet. Additionally, authentication/authorization takes place
    on ANY access to a protected resource - the first time your
    browser pops up a window requesting your userid/password,
    and just uses that information in later requests.
    Authentication/authorization still takes place, however, and
    mod_auth_mysql is called.

  • Jerry Stuckle

    Jerry Stuckle - 2006-10-15
    • assigned_to: nobody --> jstuckle
  • Jeremy

    Jeremy - 2007-11-29

    Logged In: YES
    Originator: NO

    I can see this as very important so we can track login failures (to see possible password hurlers) and multiple logins from different IPs that could note password sharing. So a success and failure extra SQL statements are important.


Log in to post a comment.