Posted to users@httpd.apache.org by Barnaby Kent <ba...@hotmail.com> on 2004/09/19 12:33:47 UTC
[users@httpd] Intermittent Basic Authentication Failure
Hi,
Please can someone help me out here? I am at a complete loss. We use Basic
authentication on our web application as a way to protect direct access to
semi-sensitive images. The user logs in using a 'secure' method and is
provided with a further password or session id which is used by basic
authentication to allow them access to the images for their session. I am
using mod_auth_pgsql so we can authenticate against a postgresql db.
This all works fine 99% of the time but every so often a user will enter the
correct details at the Basic authentication prompt - I have checked them
against the values that have been placed in the database - and they will not
be permitted access. It is almost as if the browser is not sending the
authorization header correctly. This sometimes happens when the basic
authentication prompt first pops up but can also occur when the user has
been allowed access to resources for a while but then the prompt pops up.
I get two errors in the error log reported by mod_auth_pgsql, an "empty
password" 403 and a "password mismatch" 403. I cannot work out if the
browser is not sending the authorization header correctly - is there a limit
to the size of the Base 64 encoded authorization header that is allowed to
be sent? Or maybe the module is not correctly decoding the authorization
header.
This seems to happen across authentication realms. Also I am using Tomcat
with Apache if that makes any difference and I am authenticating resources
served by apache and tomcat.
ANY COMMENT greatly appreciated,
Thanks,
Barnaby
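
An added example, not part of the original post: a small Python check that decodes a captured `Authorization` header value the way the Basic scheme defines it (base64 of `user:password`) and reports which malformed forms leave an empty or missing password. The function name and the header values are constructed for illustration.

```python
import base64
import binascii


def classify_basic_header(value):
    """Return (status, username) for a raw Authorization header value.

    The password is never returned, so the result is safe to write to a log.
    classify_basic_header is a hypothetical helper, not an Apache or module API.
    """
    if value is None or not value.strip():
        return ("missing", None)            # browser sent no credentials at all
    parts = value.strip().split(None, 1)
    if parts[0].lower() != "basic":
        return ("not-basic", None)          # some other scheme, e.g. Digest
    if len(parts) < 2:
        return ("no-credentials", None)     # scheme name with nothing after it
    try:
        raw = base64.b64decode(parts[1].strip(), validate=True)
    except (binascii.Error, ValueError):
        return ("bad-base64", None)         # truncated or corrupted token
    try:
        text = raw.decode("utf-8")
    except UnicodeDecodeError:
        text = raw.decode("latin-1")        # older browsers sent Latin-1
    user, sep, password = text.partition(":")
    if not sep:
        return ("no-colon", None)           # no user/password separator
    if not user:
        return ("empty-username", None)
    if not password:
        return ("empty-password", user)     # decodes cleanly, password is ""
    return ("ok", user)


# Constructed sample values, as they might appear in a request capture.
SAMPLES = [
    "Basic YWxpY2U6c2VjcmV0",   # alice:secret
    "Basic YWxpY2U6",           # alice:  (empty password)
    "Basic YWxpY2U=",           # alice   (no colon)
    "Basic YWxpY2U6c2VjcmV",    # token cut short by one character
    "",                         # header absent
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(repr(sample), "->", classify_basic_header(sample))
```
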