[Catalyst] 5.80005: $c->req->remote_user and apache: excluding
actions from authentication
Francesc Romà i Frigolé
francesc.roma+catalyst at gmail.com
Wed Jun 10 10:06:51 GMT 2009
On Wed, Jun 10, 2009 at 11:17 AM, Tomas Doran <bobtfish at bobtfish.net> wrote:
>
> On 10 Jun 2009, at 09:40, Francesc Rom=E0 i Frigol=E9 wrote:
>
>> 1) static performance: serving static files directly from apache is much
>> faster than through catalyst. I find it specially noticeable with big fi=
les
>> like large pictures and pdfs. Some of the files should not be public. If=
I
>> do authentication in catalyst I can't serve them directly from apache.
>>
>
> Nod so.
>
> Look at mod_sendfile, which implements lighty's X-SendFile
>
Google thinks you meant mod_xsendfile: http://tn123.ath.cx/mod_xsendfile/
It looks very interesting but I wonder if my shared host provider
(asmallorange) would agree to install it.
2) dynamic/AJAX laziness: pages that use XMLHttpRequest stop working when
> authentication expires. Unless I manually detect the condition and allow =
the
> user to re-authenticate. Using HTTP auth should let the browser take care=
of
> this.
>
Erm, the reason that this will never fail with HTTP auth is that http auth
> never expires (well, it always lasts one browser session), and the browser
> sends the auth credentials with each request.
>
Good point !!!!
>
> You can get the same effect by setting the correct options on your session
> cookie.
>
I'll look into that then. Thanks
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.scsys.co.uk/pipermail/catalyst/attachments/20090610/f85ea=
b53/attachment.htm
More information about the Catalyst
mailing list