Populating remote user in apache log files from PHP session

I did come across a description of how to get a value into the log file from PHP, however this effectively works by setting an arbitrary environment variable and substituting that in the log config string.

Really I want to control the value referenced by %u in the log config string along the way. The only way this seems to be possible is for the value to be returned by an auth module in Apache.

There's no end of mod_auth modules to choose from - however most seem to implement their own session management (i.e. generate their own cookies and maintain their own username-session lookups).

In an ideal world, I would want a module which:

  1. would allow me to specify the session cookie name
  2. could retrieve an arbitrarily/configurable named variable from a PHP session containing the username
  3. would then cache non-null sessionid/username combinations
  4. where appropriate, would redirect users to a configurable login URL

I used to be passable at C programming - so I could write my own if necessary - unfortunately a lot of the links from https://modules.apache.org are dead (mod_auth_any, mod_auth_cookie_dbm) so I'm having trouble finding something close to what I need to understand the API / finding something which I could use out of the box.

Any suggestions of well written modules which might provide what I need, or which are close to my requirements and well written/maintained?

TIA

C.

You should check mod_auth_external.

The wiki contains a lot of useful information, like:

Cookies could be used but:

It is not possible to set cookies from an authentication module

And no cache of authentication is done (only mod_authz_ldap is having a server-side cache).

I think you'll need to handle the PHP session initialization (cookie set), login pages, retry pages, and login success (with maybe a session id regeneration) in a separate application, dedicated to that work. Use a second virtualhost, doing only that, like you would have with an SSO solution like CAS or a Radius server. Then use mod_auth_external to check the given cookie content or redirect the user to that login application. In the mod_auth_external authenticator you'll have to control it's a valid session on the server side (do not trust cookie content), either directly on the database or with a communication with this second app, but you should find something running fast, it's done on every requested object. Or trust the cookie content, using it for logging purpose only, but do not trust it on your real PHP application and check that the session is valid in the real application PHP side.

Decided to go with authmemcookie.
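The answer's advice to validate the session on the server side instead of trusting the cookie, sketched as an added example (not code from the thread or from mod_auth_external): a lookup helper an external authenticator could call. It assumes PHP's default `files` save handler and `php` serialize handler; `session_user`, the `username` variable name and both character-set rules are illustrative choices.

```python
import os
import re

# Assumptions (not from the page): PHP "files" save handler and "php" serialize
# handler, so a session is <save_path>/sess_<id> holding name|<serialized value>...
# Constructed sample content:  cart|a:1:{i:0;s:3:"x|y";}username|s:5:"alice";
SID_RE = re.compile(r"[A-Za-z0-9,-]{22,256}")       # characters PHP generates for IDs
USER_RE = re.compile(rb"[A-Za-z0-9._@-]{1,64}")     # conservative charset for %u

def _read_value(buf, i):
    """Parse one serialized value at buf[i]; return (bytes or None, next index)."""
    t = buf[i:i + 1]
    if t == b"N":                                   # N;
        return None, i + 2
    if t in (b"b", b"i", b"d"):                     # b:1;  i:42;  d:0.5;
        return None, buf.index(b";", i) + 1
    if t == b"s":                                   # s:<byte length>:"...";
        colon = buf.index(b":", i + 2)
        start = colon + 2
        end = start + int(buf[i + 2:colon])
        return buf[start:end], end + 2
    if t == b"a":                                   # a:<count>:{key value ...}
        colon = buf.index(b":", i + 2)
        j = colon + 2
        for _ in range(2 * int(buf[i + 2:colon])):
            _, j = _read_value(buf, j)
        return None, j + 1
    raise ValueError("unsupported or truncated value")

def session_user(cookie_value, save_path, var=b"username"):
    """Return the username stored server-side for this session cookie, or None."""
    if not SID_RE.fullmatch(cookie_value):          # rejects ../ and other path tricks
        return None
    try:
        with open(os.path.join(save_path, "sess_" + cookie_value), "rb") as fh:
            buf = fh.read()
        i, value = 0, None
        while i < len(buf):
            bar = buf.index(b"|", i)
            name = buf[i:bar]
            value, i = _read_value(buf, bar + 1)
            if name == var:
                break
        else:
            return None                             # variable not in this session
    except (OSError, ValueError):
        return None                                 # no such session, or malformed data
    if value is None or not USER_RE.fullmatch(value):
        return None                                 # never hand odd bytes to the log
    return value.decode("ascii")
```

Serialized objects (`O:`) are deliberately treated as malformed here, so a session that stores one before the username variable yields `None` and the request is logged without a user.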
