[Catalyst] 5.80005: $c->req->remote_user and apache: excluding actions from authentication

Francesc Romà i Frigolé francesc.roma+catalyst at gmail.com
Wed Jun 10 10:06:51 GMT 2009

On Wed, Jun 10, 2009 at 11:17 AM, Tomas Doran <bobtfish at bobtfish.net> wrote:

> On 10 Jun 2009, at 09:40, Francesc Rom=E0 i Frigol=E9 wrote:
>> 1) static performance: serving static files directly from apache is much
>> faster than through catalyst. I find it specially noticeable with big fi=
>> like large pictures and pdfs. Some of the files should not be public. If=
>> do authentication in catalyst I can't serve them directly from apache.
> Nod so.
> Look at mod_sendfile, which implements lighty's X-SendFile

Google thinks you meant mod_xsendfile: http://tn123.ath.cx/mod_xsendfile/

It looks very interesting but I wonder if my shared host provider
(asmallorange) would agree to install it.

 2) dynamic/AJAX laziness: pages that use XMLHttpRequest stop working when
> authentication expires. Unless I manually detect the condition and allow =
> user to re-authenticate. Using HTTP auth should let the browser take care=
> this.

Erm, the reason that this will never fail with HTTP auth is that http auth
> never expires (well, it always lasts one browser session), and the browser
> sends the auth credentials with each request.

Good point !!!!

> You can get the same effect by setting the correct options on your session
> cookie.

I'll look into that then. Thanks
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.scsys.co.uk/pipermail/catalyst/attachments/20090610/f85ea=

More information about the Catalyst mailing list