I want to be able to authenticate users without the user having to go through a login page (the user will have already logged into another server before getting to the pages that I want to protect). The login information will be sent with the url string:
http://my.server.com?user=userName&password=password
I then want Apache to authenticate based on that information. The Apache configuration looks something like the following:
PerlSetVar WhatEverLoginScript /LOGIN
:
:
# This is the action of the LOGIN script above.
<Files LOGIN>
  AuthType Sample::AuthCookieHandler
  AuthName WhatEver
  SetHandler perl-script
  PerlResponseHandler Sample::AuthCookieHandler->login
</Files>
Notice that the login script is going directly to AuthCookieHandler rather than to a login page where the user might manually enter a userName and password. I have this mostly doing what I want, except I can't get the original html page to load; even after the authentication cookie is set, the "Forbidden" page is still being displayed in the browser window. If I then refresh the page, it loads as it should (being authenticated). My login handler looks like the following:
sub login {
    my ($self, $r) = @_;
    my $debug = $r->dir_config("AuthCookieDebug") || 0;
    my $auth_type = $r->auth_type;
    my $auth_name = $r->auth_name;

    # Get the args that are sent with the page containing
    # the username and password.
    my $args = $r->prev->args;
    my @argArray = split("\&", $args);

    # Get the credentials from the data posted by the client
    my @credentials;
    my $userName = (split("=", $argArray[0]))[1];
    my $passWord = (split("=", $argArray[1]))[1];
    push @credentials, $userName;
    push @credentials, $passWord;

    # save creds in pnotes so login form script can use them if it wants to
    $r->pnotes("${auth_name}Creds", \@credentials);

    # Exchange the credentials for a session key.
    my $ses_key = $self->authen_cred($r, @credentials);
    unless ($ses_key) {
        $r->server->log_error("Bad credentials") if $debug >= 2;
        $r->subprocess_env('AuthCookieReason', 'bad_credentials');
        $r->uri($r->prev->unparsed_uri);
        return $auth_type->login_form($r);
    }

    $self->send_cookie($r, $ses_key);
    $self->handle_cache($r);

    # Get the page and load it after authentication has
    # taken place.
    my $theURI = $r->prev->unparsed_uri;

    # The following line is not loading the page correctly.
    $r->headers_out->set('Location' => $theURI);
    return HTTP_MOVED_TEMPORARILY;
}
So, my question is what can I do here to get the correct page to load after the authentication has taken place? I can't seem to get past the "Forbidden" page. Also, am I going about this the right way, or is there a better way to do this?
Any help here would be greatly appreciated.
Thanks,
dv
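
The handler in the post reads user and password by position from the raw query string and redirects to the unparsed URI, which still carries both values. The following is an added example, not code from the post and not part of Apache::AuthCookie, showing name-based, URL-decoded parsing and a redirect target with the credential parameters removed; the helper names (url_decode, parse_query, strip_params) and the sample URI are assumptions made for illustration.

```perl
use strict;
use warnings;

# Decode one application/x-www-form-urlencoded component.
sub url_decode {
    my ($s) = @_;
    $s =~ tr/+/ /;
    $s =~ s/%([0-9A-Fa-f]{2})/chr(hex($1))/ge;
    return $s;
}

# Parse a raw query string into a hash keyed by parameter name
# (first occurrence wins), so parameter order does not matter.
sub parse_query {
    my ($query) = @_;
    my %params;
    for my $pair (split /[&;]/, $query // '') {
        next unless length($pair);
        my ($name, $value) = split /=/, $pair, 2;
        $name = url_decode($name);
        $params{$name} //= url_decode($value // '');
    }
    return \%params;
}

# Return the URI with the named parameters removed from its query string,
# so a redirect does not repeat the credentials in the Location header.
sub strip_params {
    my ($uri, @drop) = @_;
    my ($path, $query) = split /\?/, $uri, 2;
    return $path unless defined $query && length($query);
    my %drop = map { $_ => 1 } @drop;
    my @keep = grep {
        my ($name) = split /=/, $_, 2;
        length($_) && !$drop{ url_decode($name) }
    } split /[&;]/, $query;
    return @keep ? $path . '?' . join('&', @keep) : $path;
}

# Constructed sample input: parameters in a different order than the post assumes.
my $uri = '/reports/index.html?page=2&password=p%40ss+word&user=alice';
my (undef, $query) = split /\?/, $uri, 2;
my $p = parse_query($query);
print "user=$p->{user} password_length=", length($p->{password}), "\n";
print "redirect to: ", strip_params($uri, qw(user password)), "\n";
```

Inside a handler like the one above, the stripped URI would be the value placed in the Location header instead of the unparsed URI; the original request line, including the password, is still recorded wherever the first request was logged.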