[Catalyst] 5.80005: $c->req->remote_user and apache: excluding actions from authentication
Tomas Doran
bobtfish at bobtfish.net
Wed Jun 10 09:17:14 GMT 2009
On 10 Jun 2009, at 09:40, Francesc Romà i Frigolé wrote:
> 1) static performance: serving static files directly from apache is
> much faster than through catalyst. I find it especially noticeable
> with big files like large pictures and pdfs. Some of the files
> should not be public. If I do authentication in catalyst I can't
> serve them directly from apache.
Nod so.
Look at mod_sendfile, which implements lighty's X-SendFile.
Personally, I use nginx and its X-Accel-Redirect as I'm proxying
files from other web servers (MogileFS), rather than serving them
from local disk. But either way - you can do your Authentication,
Authorization and Auditing in Catalyst, then delegate back to your
web server for actually shoveling the bytes down the wire.
> 2) dynamic/AJAX laziness: pages that use XMLHttpRequest stop
> working when authentication expires. Unless I manually detect the
> condition and allow the user to re-authenticate. Using HTTP auth
> should let the browser take care of this.
Erm, the reason that this will never fail with HTTP auth is that http
auth never expires (well, it always lasts one browser session), and
the browser sends the auth credentials with each request.
You can get the same effect by setting the correct options on your
session cookie.
Cheers
t0m
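
The hand-off described in the reply above, sketched as an added example that is not part of the original message or of Catalyst itself: a controller action that authenticates, authorizes and logs the request, then lets nginx send the file through X-Accel-Redirect. The application name, the `/protected/` location, the file-system path and the `downloads` role are assumptions, and the code expects Catalyst::Plugin::Authentication and Catalyst::Plugin::Authorization::Roles to be loaded.

```perl
package MyApp::Controller::Files;    # hypothetical application/controller name
use Moose;
use namespace::autoclean;

BEGIN { extends 'Catalyst::Controller' }

# Matching nginx configuration (assumed paths). "internal" makes nginx refuse
# direct client requests for /protected/, so the files are reachable only via
# an X-Accel-Redirect header issued by the application behind it:
#
#   location /protected/ {
#       internal;
#       alias /srv/private-files/;
#   }

# GET /files/<name>
sub download :Path('/files') :Args(1) {
    my ( $self, $c, $name ) = @_;

    # Accept one plain file name only: no slashes, no "..", no leading dot,
    # no control characters that could end up inside a response header.
    unless ( $name =~ /\A[A-Za-z0-9_][A-Za-z0-9_.-]{0,254}\z/ ) {
        $c->res->status(400);
        $c->res->body('Bad file name');
        $c->detach;
    }

    # Authentication and authorization stay in Catalyst.
    # 'downloads' is an assumed role name.
    unless ( $c->user_exists && $c->check_user_roles('downloads') ) {
        my $who = $c->user_exists ? $c->user->id : 'anonymous';
        $c->log->warn("download denied: user=$who file=$name");
        $c->res->status(403);
        $c->res->body('Forbidden');
        $c->detach;
    }

    # Auditing: record who fetched what before delegating the transfer.
    $c->log->info( 'download: user=' . $c->user->id . " file=$name" );

    # nginx sees this header, discards the upstream body and serves the file
    # from the internal location itself. Force a download, not inline display.
    $c->res->header( 'X-Accel-Redirect'    => "/protected/$name" );
    $c->res->header( 'Content-Disposition' => qq{attachment; filename="$name"} );
    $c->res->content_type('application/octet-stream');
    $c->res->body('handled by nginx');
}

__PACKAGE__->meta->make_immutable;
1;
```

If the `internal` directive is left out of the nginx location, the same files can be fetched directly and the checks in the action are bypassed.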