Included on this page:

  • Pubcookie Login Server
  • Pubcookie Apache Module
  • Pubcookie ISAPI Filter
  • Other

Pubcookie Login Server

Are there any known compatibility issues with Netscape 4.x?
Yes, there seems to be a problem with how it handles the redirection after a successful login, particularly with window.location.replace used in the default nonpost_redirect template. For better compatibility with Netscape 4.x, edit this template such that Netscape 4.x uses meta-refresh to get back to the target resource.

Pubcookie Apache Module

How does one turn off authentication in a subdirectory?
This may be a hack, but it seems to work:

    satisfy any
    AuthType none
    order deny,allow
    allow from all

This lets everyone in, and it works because the allow directive is checked before authentication. The satisfy any directive says “if access is ok, don’t bother checking authentication.” This solution may also work to switch from a Pubcookie authtype to the Basic authtype.

Does mod_pubcookie work with Apache-SSL?
Evidence suggests that it can be made to work with Apache-SSL, but it isn’t currently supported. To determine if a request uses HTTPS, mod_pubcookie uses the Extended API (ap_hook_call()) extension, which Apache-SSL doesn’t use or install. Therefore, mod_pubcookie.so won’t load since it can’t resolve this function call. The workaround is to comment out the use of ap_hook_call() in mod_pubcookie.c at the price of losing the info that it provides.

Pubcookie ISAPI Filter

  • Microsoft .NET?
  • how to keep accurate time on Windows?
  • limitation – static content in filter; no authorization

Other Possible Questions

  • limitations (e.g. lynx browser, unauthenticated file uploads, cross dns)
  • authentication vs. authorization
  • Microsoft .NET?
  • what, no API? why modules?
  • servlets? tomcat?
  • how to keep accurate time?
  • limitation – static content in filter; no authorization