You are viewing a plain text version of this content. The canonical link for it is here.

Posted to modperl@perl.apache.org by Jason Fong <Jf...@ucla.edu> on 2003/07/18 21:42:04 UTC

authentication realms in http and https

We recently upgraded our webserver from 
Apache 1.3.6 / modperl 1.19
to
Apache 1.3.27 / modperl 1.27

We use a .htaccess file in a directory to have a modperl script do
authentication for directory access (for downloading files, etc.).  It
also redirects the user from http to https if he does not come in
through https.

On our old server, the user would only see the browser's login box once
when he came in through http and was redirected to https.  On the new
server, however, the user has to login twice.  But if the user comes in
through https on the new server, there is only one login.

So my guess is that the new server is not treating an authentication
realm in http as the same as one in https.

So, my question is... Is this different treatment of the http/https
authentication realms something that changed in the newer version of
modperl (or possibly apache)?  Or is this something that can be changed
through configuration options?  (and also... is my analysis even
correct? :) )  Thanks!


-Jason Fong