Thank You for answering my post. Im only a perl newbie, I read something
that gave me the idea that this would be handled by cgi thats why I posted
here.
So what your saying is:- by virtue of the fact that a user has been
authenticated, if they try to access a protected page. Then the server
will decide whether to serve that page or not. All we have to do is use .htaccess
files and/or entries in
httpd.conf.
Colin
Bob Showalter <[EMAIL PROTECTED]>
12/11/2003 11:52 PM
To: Colin Johnstone/Australia/Contr/[EMAIL PROTECTED], [EMAIL PROTECTED]
cc:
Subject: RE: REMOTE_USER
Colin Johnstone wrote:
> Gidday All,
>
> We are running AIX on an IBM HTTP server with IHS.
>
> We are serving static HTML pages. Some of these pages are to
> be protected.
OK. That's the job of the web server, so you need to configure it to
protect
those pages. With Apache, you use .htaccess files and/or entries in
httpd.conf. I assume IHS has something similar.
>
>
> I assume I place the restricted pages in a particular
> directory and then
> protect that directory.
>
> Once authenticated a user should be able to view protected
> pages without
> logging in again for the duration of the session.
Right. Under basic authentication, the browser caches the credentials and
supplies them automatically for any 401 responses.
What does this have to do with Perl?
>
> I understand that once a user is authenticated their (userId) email
> address will be stored in the environment variable
> REMOTE_USER for access
> by cgi-scripts.
The environment variables are set by the web server prior to invoking the
CGI script.
>
> Now what I don't understand is how from a static HTML page
> can I check
> this REMOTE_USER variable automatically. Of course the first
> time they
> visit a page in the protected directory they will be prompted
> for their
> username and password, but then what?
You don't check it from static pages. The web server checks the
authentication credentials (from the HTTP request, not the environment),
and
either serves or doesn't serve the static page.
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
