You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Thomas Eckert <th...@gmail.com> on 2014/01/20 16:31:43 UTC
[users@httpd] Using form based authentication sessions across locations
Using form based auth, e.g.
<Location /foo>
AuthName "forms_foo"
AuthFormProvider my_provider
AuthType form
AuthFormLoginRequiredLocation "/foo_form"
Session On
SessionCookieName foo_cookie path=/foo/;httponly
SessionCryptoPassphrase somereallyneatandnicepassphrase
SessionCookieRemove On
Require valid-user
</Location>
is it possible to "reuse" that session cookie for another path, e.g. /bar ?
With "reuse" I think of sending out a session cookie for /bar as well as
for /foo. This way, users logging in through form based auth on /foo will
not have to log in on /bar as well.
HTTP cookies do not allow for multiple paths, so if at all one would have
to use multiple cookies. Since the cookies should carry session information
I reckon they ought to be configured via mod_session_cookie but that module
has no fitting directive. The only thing in mod_session_cookie close to
what I'm looking for is AuthFormSitePassphrase but I do need auth checks in
my custom provider to run (timeouts involved).
Any suggestions on how to go about this ?