[Catalyst] 5.80005: $c->req->remote_user and apache: excluding
actions from authentication
Francesc Romà i Frigolé
francesc.roma+catalyst at gmail.com
Wed Jun 10 10:06:51 GMT 2009
On Wed, Jun 10, 2009 at 11:17 AM, Tomas Doran <bobtfish at bobtfish.net> wrote:
> On 10 Jun 2009, at 09:40, Francesc Rom=E0 i Frigol=E9 wrote:
>> 1) static performance: serving static files directly from apache is much
>> faster than through catalyst. I find it specially noticeable with big fi=
>> like large pictures and pdfs. Some of the files should not be public. If=
>> do authentication in catalyst I can't serve them directly from apache.
> Nod so.
> Look at mod_sendfile, which implements lighty's X-SendFile
Google thinks you meant mod_xsendfile: http://tn123.ath.cx/mod_xsendfile/
It looks very interesting but I wonder if my shared host provider
(asmallorange) would agree to install it.
2) dynamic/AJAX laziness: pages that use XMLHttpRequest stop working when
> authentication expires. Unless I manually detect the condition and allow =
> user to re-authenticate. Using HTTP auth should let the browser take care=
Erm, the reason that this will never fail with HTTP auth is that http auth
> never expires (well, it always lasts one browser session), and the browser
> sends the auth credentials with each request.
Good point !!!!
> You can get the same effect by setting the correct options on your session
I'll look into that then. Thanks
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Catalyst