All my Apache cookie auth module does is collect the cookie if it exists, and
convert it into a Basic Authentication header. Then you use the normal
User-ID/Password mechanisms to grant authorization to the directory/page you
are protecting.
So, the first step is to get password-based authentication & authorization
working. Then add the cookies.
For example, using my mod_auth_msql module for authorization, I might have
this configuration:
--cut here--
AuthName GCRC (User ID is your email address)
AuthType Basic
AuthGroupFile /dev/null
AuthMSQLHost localhost
AuthMSQLDB govcon
AuthMSQLUserTable user_info
Please enter your GovConTM User ID and password below, then select the "Generate Cookie" button. This will cause your browser to store your User ID and password so that you don't need to type them in again when visiting GovCon. This will only work with browsers that support "Cookies", such as Netscape Navigator.
};  #'
} else {
    # generate the cookie!  we just hex-escape every character for the
    # old security through obscurity method...
    my $cookie;
    my $user = $req->param('user');
    my $pass = $req->param('pass');

    my ($db_user,$db_pass,@rest) = &gc::get_user_info_raw($user,undef);
    (SendHeaders() && &gc::warning(qq{Your User ID and password did not match what is in our database. Please go back and re-enter them the same way you did when initially signing into GovCon}))
        unless ($user eq $db_user and crypt($pass, $db_pass) eq $db_pass);

    # now we know it is ok!
    ($cookie = "$user:$pass") =~ s/(.)/sprintf("%%%02x",ord($1))/gei;
    SendHeaders(ContentTypeHdr(),
                "Set-Cookie: $cookietag=$cookie; path=/; expires=$expires;\r\n");
    &gc::header(qq{Password "Cookie" Generated});
    print qq{We have set your GovConTM User ID cookie. Please remember that this will only work with browsers that support "Cookies", such as Netscape Navigator.
To test it out, please exit your web browser, then restart it. Visit GovConTM and try to access the Information Center. You should not be prompted for your User ID and password as long as you visit GovCon from this same computer and you do not delete the cookie data. If you are prompted for your User ID and password, then either your browser does not support cookies or you entered your User ID and password incorrectly on the previous page.
};
}
&gc::copyright();
$req->cgi->exit();
--cut here--
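What the cookie set above actually carries, as an added example that is not part of the original script or the Apache module: it round-trips the script's hex-escaping, forms the Basic header the module is described as producing, and sets beside it an HMAC-signed expiring token that holds no password. The token format, function names, secret and sample credentials are hypothetical, and a token like this would need its own server-side check rather than the cookie-to-Basic conversion.

```perl
# Added example: not part of the original CGI script or the Apache module.
use strict;
use warnings;
use MIME::Base64 qw(encode_base64);
use Digest::SHA qw(hmac_sha256_hex);

# The script's encoding: hex-escape every character of "user:pass".
sub make_cookie {
    my ($user, $pass) = @_;
    (my $cookie = "$user:$pass") =~ s/(.)/sprintf("%%%02x", ord($1))/ge;
    return $cookie;
}

# Undo the escaping and form a Basic header from it; no key is involved.
sub cookie_to_basic {
    my ($cookie) = @_;
    (my $plain = $cookie) =~ s/%([0-9a-fA-F]{2})/chr(hex($1))/ge;
    return ($plain, "Authorization: Basic " . encode_base64($plain, ""));
}

# Hypothetical alternative: "expiry|mac|user", with no password in the cookie.
sub make_token {
    my ($secret, $user, $expiry) = @_;
    return join "|", $expiry, hmac_sha256_hex("$expiry|$user", $secret), $user;
}

# Returns the user name for a valid, unexpired token, otherwise undef.
sub check_token {
    my ($secret, $token, $now) = @_;
    my ($expiry, $mac, $user) = split /\|/, $token, 3;
    return undef unless defined $user && $expiry =~ /^\d+$/ && $expiry > $now;
    my $want = hmac_sha256_hex("$expiry|$user", $secret);
    return undef unless length($mac) == length($want);
    my $diff = 0;    # compare without stopping at the first mismatch
    $diff |= ord(substr($mac, $_, 1)) ^ ord(substr($want, $_, 1))
        for 0 .. length($want) - 1;
    return $diff ? undef : $user;
}

# Constructed sample values, not real credentials.
my ($user, $pass, $secret) = ('alice@example.com', 'S3cret!', 'server-side-key');
my $cookie = make_cookie($user, $pass);
my ($plain, $header) = cookie_to_basic($cookie);
print "cookie : $cookie\nplain  : $plain\nheader : $header\n";
my $token = make_token($secret, $user, time + 3600);
(my $forged = $token) =~ s/alice/admin/;
print "token  : $token\n";
print "valid  : ", check_token($secret, $token,  time) // "rejected", "\n";
print "forged : ", check_token($secret, $forged, time) // "rejected", "\n";
```

The hex-escaped cookie and the Basic header both decode to the same clear-text `user:pass`, so anyone who can read the cookie file or the unencrypted request holds the password until it is changed; the signed token instead fails verification when its user field is altered and stops working once the expiry passes.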