Apache2::AuthCookie is a Perl Authentication and Authorization module via cookies.
Make sure your mod_perl is at least 1.24, with StackedHandlers, MethodHandlers, Authen, and Authz compiled in.
# In httpd.conf or .htaccess:
PerlSetVar WhatEverPath /
PerlSetVar WhatEverLoginScript /login.pl
# use to alter how "require" directives are matched. Can be "Any" or "All".
# If its "Any", then you must only match Any of the "require" directives. If
# its "All", then you must match All of the require directives.
# Default: All
PerlSetVar WhatEverSatisfy Any
# The following line is optional - it allows you to set the domain
# scope of your cookie. Default is the current domain.
PerlSetVar WhatEverDomain .yourdomain.com
# Use this to only send over a secure connection
PerlSetVar WhatEverSecure 1
# Use this if you want user session cookies to expire if the user
# doesn't request a auth-required or recognize_user page for some
# time period. If set, a new cookie (with updated expire time)
# is set on every request.
PerlSetVar WhatEverSessionTimeout +30m
# to enable the HttpOnly cookie property, use HttpOnly.
# this is an MS extension. See:
PerlSetVar WhatEverHttpOnly 1
# Usually documents are uncached - turn off here
PerlSetVar WhatEverCache 1
# Use this to make your cookies persistent (+2 hours here)
PerlSetVar WhatEverExpires +2h
# Use to make AuthCookie send a P3P header with the cookie
# see http://www.w3.org/P3P/ for details about what the value
# of this should be
PerlSetVar WhatEverP3P "CP="...""
# These documents require user to be logged in.
< Location /protected >
PerlAuthenHandler Sample::AuthCookieHandler- >authenticate
PerlAuthzHandler Sample::AuthCookieHandler- >authorize
< /Location >
# These documents don't require logging in, but allow it.
< FilesMatch ".ok$" >
PerlFixupHandler Sample::AuthCookieHandler- >recognize_user
< /FilesMatch >
# This is the action of the login.pl script above.
< Files LOGIN >
PerlResponseHandler Sample::AuthCookieHandler- >login
< /Files >
WARNING! This is an early version of Apache::AuthCookie for mod_perl version 2. If you are running under mod_perl version 2, this module should be considered of beta quality. If you are a subclass author and would like to see additional changes (besides those listed in README.modperl2) to the interface provided by this module under mod_perl version 2, please contact me at email@example.com. The interface for mod_perl version 1 has not changed.
Apache::AuthCookie allows you to intercept a user's first unauthenticated access to a protected document. The user will be presented with a custom form where they can enter authentication credentials. The credentials are posted to the server where AuthCookie verifies them and returns a session key.
The session key is returned to the user's browser as a cookie. As a cookie, the browser will pass the session key on every subsequent accesses. AuthCookie will verify the session key and re-authenticate the user.