HTTP Authentication via Perl

I’m trying to get a Perl script to authenticate and then redirect into the restricted directory without prompting the user for a password. The following code or method does not work and would appreciate any suggestions.

I don’t know if there’s a problem with the “credentials” method or the way I’m trying to get to the restricted directory.

I know this looks pointless, but it’s just one part of something else.

When it redirects, it still prompts the user for a login & password.

Restricted Directory:
Realm Name: Protected
Username: test
Password: test




require '';
use CGI::Carp qw(fatalsToBrowser);
require LWP::UserAgent;

my $url = '';

use LWP 5.64;
  my $browser = LWP::UserAgent->new;
  'test' => 'test'
  print "Location: ".$url."\

How exactly are you restricting it in the first place? Apache? Do you have access to update this at all?

Yes, Apache.

I have total access.

Ok. I don’t think it’s possible to override the server default because initially that directory was set as protected.

Why not just have an index page for that directory with a login, and cookies and possibly even an IP check so you don’t have to login, but it wouldn’t let anyone else go in?

What I have is a cgi/perl based system that lets a user self-register and then it sets a cookie. It’s not a complete system… it’s just a means to get the cookie set so some other system can read it and do the authentication.

Now to secure the directory, I wanted to use HTTP Authentication with a generic login/password.

My thinking was to write a perl script to just check the cookie and then use the generic apache login to get into the secure directory.

I’m also trying to make this system properly fail when Javascript is disabled and also kick people out when they try to access a restricted page via a bookmark.

At this point, I could not get the method above to work since the login is for the “virtual” browser within the perl environment. But I did get an Ajax based script to do the HTTP login, very transparently.

My new thought is to now use a Javascript to check for the cookie and then do the HTTP login with Ajax in the browser. The only remaining issue is how to handle people coming in from a bookmarked link without the ugly HTTP Auth box popping up… and I don’t think that’s possible.

This code can’t work:



require ‘’;
use CGI::Carp qw(fatalsToBrowser);
require LWP::UserAgent;

my $url = ‘’;

use LWP 5.64;
my $browser = LWP::UserAgent->new;
‘test’ => ‘test’
print "Location: “.$url.”


All it will do is print the url in the Location at the end. The authentication part of the code is not doing anything useful. You have to keep working with your object, $browser, to get into the protected directory. Unfortunately I don’t know how to do it myslef. Ask on

You are correct… is does not authenticate the real browser, only the virtual browser which is no good to me. I can do with Ajax but not in perl.

However, the last line is perfectly valid for auto-directing your browser to another page. I’ve used it in other perl scripts.

I know the last line is valid, but its not helping with anything in your script. You need to find a method that you can tell $browser to execute to get into the directory once you’ve gotten/set the credentials. Like I suggested, ask on or wait here and see if someone is familiar enough with LWP::UserAgent to know how to do this.

Ahh… ok, got it. Thank-you!

Earlier I found a way to retrieve the page from the secure area and display it in the browser. The main downside was that the URL was the path to the CGI script and not a true URL to the actual page.

Upon reflection, that’s not really a downside. That will prevent users from being able to bookmark the page (which is what I wanted). If they do and return later, the script can be written to automatically redirect them to the login page.

Here’s what’s working regarding the perl auto-authorization and loading of the secure page…

# ===========================

use LWP::UserAgent;
$ua = new LWP::UserAgent;
my $req = HTTP::Headers->new;

$req = HTTP::Request->new(GET => '');
$req->authorization_basic('test', 'test');
print "Content-type: text/html\
my $response = $ua->request($req);
print $response->content;

You might want to look into WWW::Mechanize also

That’s an excellent point.

I saw that during my research and can’t remember the issue I had with it, however it does look very similar to what I’m currently doing.

Thanks for reminding me though… perhaps I’ll need it if I get stuck with LWP.