wrote Authen module dealing with cookies : now POST requests get corrupted. Any advice ? - modperl

This is a discussion on wrote Authen module dealing with cookies : now POST requests get corrupted. Any advice ? - modperl ; Hi everybody, I recently wrote an extension to Apache2::AuthenNTLM in order to store the NTLM authentified username in a cookie (module http://search.cpan.org/dist/Apache2-AuthenNTLM-Cookie/ ). Now I found out that this module has a critical bug : the content of POST requests ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: wrote Authen module dealing with cookies : now POST requests get corrupted. Any advice ?

  1. wrote Authen module dealing with cookies : now POST requests get corrupted. Any advice ?

    Hi everybody,

    I recently wrote an extension to Apache2::AuthenNTLM in order to store
    the NTLM authentified username in a cookie (module
    http://search.cpan.org/dist/Apache2-AuthenNTLM-Cookie/).

    Now I found out that this module has a critical bug : the content of
    POST requests gets corrupted (bug
    http://rt.cpan.org/Ticket/Display.html?id=36847).

    I don't really know where to start to fix the bug. My hypothesis is that
    perhaps this is because I'm using Apache2::Cookie, which itself uses
    libaprequest, and maybe these modules are not meant to be used in an
    early Apache phase, and leave the input stream in an buggy state. I
    looked at a couple of other authentication modules using cookies, but
    they don't seem to use the Apache2::Cookie API.

    Is that the hypothesis correct ? Does anybody have good advice on that
    problem ?

    Thanks in advance,

    Laurent Dami



  2. Re: wrote Authen module dealing with cookies : now POST requestsget corrupted. Any advice ?

    Dami Laurent (PJ) wrote:
    > Hi everybody,
    >
    > I recently wrote an extension to Apache2::AuthenNTLM in order to store
    > the NTLM authentified username in a cookie (module
    > _http://search.cpan.org/dist/Apache2-AuthenNTLM-Cookie/_).
    >
    > Now I found out that this module has a critical bug : the content of
    > POST requests gets corrupted (bug
    > _http://rt.cpan.org/Ticket/Display.html?id=36847_).
    >
    > I don't really know where to start to fix the bug. My hypothesis is that
    > perhaps this is because I'm using Apache2::Cookie, which itself uses
    > libaprequest, and maybe these modules are not meant to be used in an
    > early Apache phase, and leave the input stream in an buggy state. I
    > looked at a couple of other authentication modules using cookies, but
    > they don't seem to use the Apache2::Cookie API.
    >
    > Is that the hypothesis correct ? Does anybody have good advice on that
    > problem ?


    There is a lot of code on CPAN using libapreq and/or Apache2::Cookie in
    every phase, so I very seriously doubt that that's a problem. The first
    thing i'd do in your situation would be to make sure that the bug
    doesn't exist in Apache2::AuthenNTLM, to confirm it's actually specific
    to you're extention.

    Telling us what exactly 'gets corrupted' means might help too (ie
    error_log details, or whatever you're seeing).

    Adam


+ Reply to Thread