--- loncom/auth/lontokacc.pm	2002/07/27 18:48:19	1.1
+++ loncom/auth/lontokacc.pm	2002/07/31 15:23:55	1.3
@@ -2,7 +2,7 @@
 # Low security Access Handler for Token-based access 
 # (clearance given by other loncapa host)
 #
-# $Id: lontokacc.pm,v 1.1 2002/07/27 18:48:19 www Exp $
+# $Id: lontokacc.pm,v 1.3 2002/07/31 15:23:55 www Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -30,23 +30,27 @@
 package Apache::lontokacc;
 
 use strict;
-use Apache::Constants qw(:common :remotehost);
+use Apache::Constants qw(:common);
 use Apache::lonnet();
 use Apache::loncommon();
 
 sub handler {
     my $r = shift;
-    &Apache::loncommon::get_unprocessed_cgi($ENV{'QUERY_STRING'},
-    ['token','server']);
+    my $query=$r->args;
+    &Apache::loncommon::get_unprocessed_cgi($query,['token','server']);
+    my $tmpinfo='no_token';
     if (($ENV{'form.token'}) || ($ENV{'form.server'})) {
-        my $tmpinfo=Apache::lonnet::reply('tmpget:'.$ENV{'form.token'},
-                                                    $ENV{'form.server'});
-
-        if ($tmpinfo eq $r->uri) {
+        $tmpinfo=&Apache::lonnet::unescape(
+                   &Apache::lonnet::reply('tmpget:'.$ENV{'form.token'},
+                                                    $ENV{'form.server'}));
+        chomp($tmpinfo);
+        my $uri=$r->uri;
+        if ($tmpinfo=~/$uri$/) {
 	   return OK;
         }
     }
-    $r->log_reason("Invalid token-based access",$r->filename); 
+    $r->log_reason("Invalid token-based access:".$r->uri.' for '.$tmpinfo.'.',
+        $r->filename); 
     return FORBIDDEN;
 }