Re: Open Maket and FCGI Authorizer Question -Reply

David Moulton (DMOULTON@novell.com)
Wed, 26 Mar 1997 09:35:21 -0700

Message-Id: <s338edef.045@novell.com>
Date: Wed, 26 Mar 1997 09:35:21 -0700
From: David Moulton <DMOULTON@novell.com>
To: snapper@OpenMarket.com
Subject: Re: Open Maket and FCGI Authorizer Question -Reply

>>> Bill Snapper <snapper@OpenMarket.com> 03/26/97 05:32am >>>

>Is 'CONTACT_ID' set by:
>    o the Authorizer using the "Variable-" response header?
>   o a region directive in the Web Server's configuration script?

It is set by the 'Variable'  response header.

>The variable will only persist for the duration of the current request. 
>Any subsequent requests will require the addition of the variable
>'CONTACT_ID' by either the authorizer or a region command.

The way that the CONTACT_ID var gets set is via a lookup to a SQL database. I have the
logic such that if REMOTE_USER, REMOTE_PASSWD, and CONTACT_ID have values already, a
lookup to the database is not done, but the values are passed on through to the next page.
I have verified that DB lookups are not being made when I access multiple pages in one of
the protected dirs, so it at least appears that the CONTACT_ID is remaining in this case.
I assume I am just missing some brain cells here.

On a somewhat unrelated note, I have a couple of additional questions.

I am thinking of using a cookie to hold the contact_id. Will an authorizer be able to see
the HTTP_COOKIE var, assuming it is properly set?

Also, there are times when I need to authorize a person onto my site, but send them to a
page other than the one that they requested. Is this possible? How?

Thanks,

Dave Moulton
Novell, Inc