On Friday, 26. April 2002 15:11, Tod Harter wrote:
> I have an XSP page like this.
>
> <?xml version="1.0"?>
> <?xml-stylesheet href="." type="text/xsp"?>
>
> <xsp:page
> language="Perl"
> xmlns:xsp="http://apache.org/xsp/core/v1";
> xmlns:session="http://www.apache.org/1999/XSP/Session";
> xmlns:auth="http://www.creITve.de/2002/XSP/Auth";
> xmlns:global="http://www.creITve.de/2002/XSP/Global"; >
>
> <page>
> <global:set-attribute name="foobar">Stuff</global:set-attribute>
> <global:get-attribute name="foobar"/>
> </page>
>
> </xsp:page>
Looks good. You could look at the demo page which is contained in the 1.5.2
release's demo subdir.
> <LOCATION /protected>
> AuthType Apache::AxKit::Plugin::Session
> AuthName AxKitSession
you are missing a 'require valid-user', or any require line at all, otherwise
the auth handlers will not be called by apache.
> PerlAuthenHandler Apache::AxKit::Plugin::Session->authenticate
> PerlAuthzHandler Apache::AxKit::Plugin::Session->authorize
> PerlSetVar AxKitSessionDir /home/tharter/httpd/sessions
> PerlFixupHandler Apache::AxKit::Plugin::Session->recognize_user
> PerlSetVar AxKitSessionGuest guest
> PerlSetVar AxKitSessionGlobal 0
Do not set this variable to an 'impossible' value. IF you are using the
default MD5 sid generator, this value must be a valid MD5 checksum, for
example '0'x32. The default ought to be OK, so you can just leave it out.
> PerlSetVar AxKitSessionLoginScript NONE
> AxAddXSPTaglib AxKit::XSP::Sessions
> AxAddXSPTaglib AxKit::XSP::Auth
> AxAddXSPTaglib AxKit::XSP::Global
> </LOCATION>
By the way, you are not using URL sessions in this configuration. See the docs
on how to enable that.
> I can get the <global:get-attribute/> tag to return whatever value I
> assign, but no persistence. I don't get it. Apache::Session just seems to
> never want to create a session at all. Now I had Apache::Session::File
> working fine with Mike's old Session taglib, but switching to the new one,
> nada.
This is most likely because of the second remark.
> When I tried setting up Auth with a login.xsp script I could get the form
> to come up, but then I ended up with the same problem, and no session id
> cookie ever seems to get created. Any BASIC things that I need to do here?
That's the first problem (missing 'require')
For your reference, here an excerpt from a live httpd.conf:
<Perl>
use Apache::AxKit::Plugins::Session '/redirect';
</Perl>
# set up globals
PerlSetVar AxKitSessionExpire 30
PerlSetVar AxKitSessionExpires +60m
PerlSetVar AxKitSessionLoginScript None
PerlSetVar AuthCookieURLDebug 0
PerlSetVar AxKitSessionDir /var/tmp/foo/bar
PerlSetVar AxKitSessionGuest guest
PerlModule Apache::Session::Flex
PerlSetVar AxKitSessionManager Apache::Session::Flex
# this one is because of strange deadlocks I did not resolve yet. dunno
# if it happens to others as well.
PerlAddVar AxKitSessionManagerArgs Store File Lock Null Generate MD5
PerlAddVar AxKitSessionManagerArgs Serialize Storable
<Location />
AuthType Apache::AxKit::Plugins::Session
AuthName AxKitSession
PerlAuthenHandler Apache::AxKit::Plugins::Session->authenticate
PerlAuthzHandler Apache::AxKit::Plugins::Session->authorize
require valid-user
</Location>
# this one makes a neat 'show login when accessing restricted area'
ErrorDocument 403 /redirect?url=/login.xsp
--
CU
Joerg
PGP Public Key at http://ich.bin.kein.hoschi.de/~trouble/public_key.asc
PGP Key fingerprint = D34F 57C4 99D8 8F16 E16E 7779 CDDC 41A4 4C48 6F94
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
