Project

General

Profile

[Solved] Cookie authentication to directory

Added by savages about 8 years ago

I have a requirement to assign a cookie for authentication AuthCookie(). I would like to protect a normal static page directory with this method. I was thinking about modifying mod_auth to support a new "cookie" method or I could create a new plugin.

the cookie method would create a cookie that has the form cookie_name=hex(hash[0:31])DATA
where hash is md5/sha256(secret+DATA)
if valid store DATA in an environ variable

How do you store a variable into the environment?

(auth/cookie).require = ( "/directory" =>
..(
...."method" => "cookie",
...."realm" => "download archiv",
...."require" => "valid-user" # valid cookie
...."secret" => "secret"
...."name" => "cookie_name"
..)
)

This is the last thing I need to get working before I can switch from apache to lighttpd.


Replies (2)

RE: Cookie authentication to directory - Added by stbuehler about 8 years ago

I recommend using mod_magnet for this (lighty.request contains the request headers)

RE: [Solved] Cookie authentication to directory - Added by gstrauss 7 months ago

Multiple options:
You can use mod_magnet and some custom lua code.
You can use mod_fastcgi with a custom FastCGI authorizer.
You could write an mod_authn_cookie module which plugs into mod_auth Docs_ModAuth.
...

    (1-2/2)