Re: Open Maket and FCGI Authorizer Question

Bill Snapper (snapper@OpenMarket.com)
Wed, 26 Mar 1997 07:32:40 -0500

Message-Id: <33391768.4A05@openmarket.com>
Date: Wed, 26 Mar 1997 07:32:40 -0500
From: Bill Snapper <snapper@OpenMarket.com>
To: David Moulton <DMOULTON@novell.com>
Subject: Re: Open Maket and FCGI Authorizer Question

David Moulton wrote:
> 
> This is a little hard to explain, but I'll try...
> 
> I'm using Open Market Secure server 2.0 and 2.1 beta on Solaris 2.5.1.
> 
> I have a FCGI authorizer that is used in an authorizeRegion of /* . But, I don't actually
> do any authorizing unless the user requests a doc from specific subdirectories. When the
> person authorizes, one of the ENV vars that is set is called 'CONTACT_ID'.

Is 'CONTACT_ID' set by:
    o the Authorizer using the "Variable-" response header?
    o a region directive in the Web Server's configuration script?

> 
> Now, I would expect that when this var gets set, because the authorizeRegion is /*, that
> this var should persist anywhere on the site. But it doesn't seem to do this. If I then go
> to another dir, one that doesn't require authorization, the CONTACT_ID var goes away.

The variable will only persist for the duration of the current request. 
Any 
subsequent requests will require the addition of the variable
'CONTACT_ID' by
either the authorizer or a region command.

> 
> I've checked and rechecked the code, and even had it log what the CONTACT_ID var has right
> at the top of the FastCGI while loop. It is empty when in one of the unprotected dirs.
> 

It's sort of difficult to determine just where the environment variable
is beng set which is what makes it tough to explain exactly the problem
you're seeing.  Is your FastCGI process performing a "putenv" of the
variable 'CONTACT_ID'?  If so, did you know that it will be wiped out
when the next request comes in?  This is by design.  There are two types
of environment variables that a FastCGI process will get.  The first
is the set of initial environment variables which gets set by the
Web Server when the process is first exec'd.  These vara are set by
using the "-initial-env" switch in the AppClass configuration directive.
There will -initial-env per variable (name=value pair) set.  These MUST
be extracted by the FastCGI process when it starts up before the first
call to FCGI_Accept() is made as the environment will be replaced with
that of a FastCGI request which brings us to the second type, per
request
environment variables.  Each new request will cause a new environment to
be created, thus replacing the prior environment.

The reason for this is that each request will contain a new set of
environment variables which describe it.  This includes the standard
set of environment variables, any which may be added by Regions with
AddCGI directives, any set by an authorizer using "Variable-" as the
method for adding to a request's environment set.

I hope this explains what is going on with your server and application.

Regards,

- Bill -

-- 
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Bill Snapper           | Open Market, Inc.   | My opinions are my own,
Software Engineer      | 245 First St.       | and not necessarily
snapper@openmarket.com | Cambridge, MA 02142 | those of my employer, 
1-617-949-7365         |                     | Open Market Inc.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++