1

I did come across a description of how to get a value into the log file from PHP, however this effectively works by setting an arbitrary environment variable and substituting that in the log config string.

Really I want to control the value referenced by %u in the log config string along the way. The only way this seems to be possible is for the value to be returned by an auth module in Apache.

There's no end of mod_auth modules to choose from - however most seem to implement their own session management (i.e. generate their own cookies and maintain their own username-session lookups).

In an ideal world, I would want a module which:

  1. would allow me to specify the session cookie name
  2. could retrieve an arbitrarily/configurable named variable from a PHP session containing the username
  3. would then cache non-null sessionid/username combinations
  4. where appropriate, would redirect users to a configurable login URL

I used to be passable at C programming - so I could write my own if necessary - unfortunately a lot of the links from https://modules.apache.org are dead (mod_auth_any, mod_auth_cookie_dbm) so I'm having trouble finding something close to what I need to understand the API / finding something which I could use out of the box.

Any suggestions of well written modules which might provide what I need, or which are close to my requirements and well written/maintained?

TIA

C.

2 Answers

1

You should check mod_auth_external.

The wiki contains a lot of useful information, like:

Cookies could be used but:

It is not possible to set cookies from an authentication module

And no caching of authentication is done (only mod_authz_ldap has a server-side cache).

I think you'll need to handle the PHP session initialization (cookie set), login pages, retry pages, and login success (with maybe a session id regeneration) in a separate application, dedicated to that work. Use a second virtualhost, doing only that, like you would have with an SSO solution like CAS or a Radius server. Then use mod_auth_external to check the given cookie content or redirect the user to that login application. In the mod_auth_external authenticator you'll have to check that it's a valid session on the server side (do not trust cookie content), either directly on the database or by communicating with this second app, but you should find something that runs fast, since it's done on every requested object. Or trust the cookie content, using it for logging purposes only, but do not trust it in your real PHP application and check that the session is valid on the real application's PHP side.


3 Comments

Thanks regiliero. "It is not possible...from authentication module" - where did you get this from? Is it specific to mod_auth_external? It appears that several authentication modules claim to be using cookies, e.g. mod_auth_cookie_mysql2, TIA
This is in mod_auth_external documentation in the HowTo part 5.
Ah, thanks. It seems to just be a module providing an interface to a backend which matches usernames and passwords - and invokes a new instance of the program for each request (no caching, no daemon support) so it would be very resource heavy. I've since found authmemcookie.sourceforge.net which seems to be very close to my requirements.
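A server-side session check of the kind the answer above recommends, written as an added example (not code from this thread, mod_auth_external or authmemcookie). It assumes PHP's default `files` save handler and `php` serialize handler; the function names and the constructed `SAMPLE` blob are hypothetical, serialized objects are not handled and fail closed, and wiring the result into Apache is not shown.

```python
import os, re, time

SID_RE = re.compile(r"[A-Za-z0-9,-]{22,256}")   # PHP session-id alphabet; rejects "../"
# Constructed sample: the "note" value embeds text that looks like a username entry.
SAMPLE = b'note|s:20:"username|s:4:"root";";username|s:5:"alice";cart|a:1:{i:0;s:3:"abc";}'

def skip_value(data, pos):
    """Return the offset just past the serialized PHP value that starts at pos."""
    tag = data[pos:pos + 1]
    if tag in (b"N", b"i", b"b", b"d"):              # N;  i:42;  b:1;  d:0.5;
        return data.index(b";", pos) + 1
    colon = data.index(b":", pos + 2)                # ends the length/count field
    if tag == b"s":                                  # s:<len>:"<bytes>";
        return colon + 2 + int(data[pos + 2:colon]) + 2
    if tag == b"a":                                  # a:<count>:{<key><value>...}
        count, pos = int(data[pos + 2:colon]), colon + 2
        for _ in range(2 * count):
            pos = skip_value(data, pos)
        return pos + 1
    raise ValueError("unsupported PHP type %r" % tag)

def session_var(data, name):
    """Return top-level string variable `name` from a 'php'-handler session blob."""
    pos = 0
    while pos < len(data):
        bar = data.index(b"|", pos)
        end = skip_value(data, bar + 1)              # honour lengths, never scan for text
        if data[pos:bar] == name.encode():
            is_str = data[bar + 1:bar + 2] == b"s"
            return data[data.index(b":", bar + 3) + 2:end - 2].decode() if is_str else None
        pos = end
    return None

def username_for(cookie_header, cookie_name, var_name, save_path, cache, ttl=30, now=time.time):
    """Map the session cookie to the username PHP stored server-side, else None."""
    pairs = (p.strip().partition("=")[::2] for p in cookie_header.split(";"))
    sid = dict(pairs).get(cookie_name, "")
    if not SID_RE.fullmatch(sid):                    # never build a path from raw input
        return None
    hit = cache.get(sid)
    if hit and hit[1] > now():                       # cached: a logout lags by up to ttl
        return hit[0]
    try:
        with open(os.path.join(save_path, "sess_" + sid), "rb") as fh:
            user = session_var(fh.read(), var_name)
    except (OSError, ValueError):                    # no such session or malformed blob
        return None
    if user:                                         # cache only non-null usernames
        cache[sid] = (user, now() + ttl)
    return user
```

Walking the blob by its declared lengths is what keeps the embedded `username|s:4:"root";` text inside `note` from being read as the username; a plain text search would return it.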
0

Decided to go with authmemcookie
