You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Jos Chrispijn <ap...@webrz.net> on 2009/09/07 20:00:57 UTC
[users@httpd] .htaccess
Is there a way of forcing webbrowser to present a login popup every time
they enter a protected URL? Now I login once and until I delete my
cookies, I can go to the URL without having a username and password
filled out, even not having the 'remember password' option active.
Have search for session alike solution, but can't find a proper solution
yet. Can someone hint me out on this? Thanks.
Jos Chrispijn
- No one is listening until you make a mistake...
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] .htaccess
Posted by André Warnier <aw...@ice-sa.com>.
Jos Chrispijn wrote:
> Is there a way of forcing webbrowser to present a login popup every time
> they enter a protected URL? Now I login once and until I delete my
> cookies, I can go to the URL without having a username and password
> filled out, even not having the 'remember password' option active.
>
What is the authentication method used ?
Show us the directory configuration.
If it is Basic Authentication, that's how it works.
The browser remembers the "realm" (AuthName) of the first
authentication, and automatically re-adds the corresponding
authentication header whenever the server responds with a 401 for the
same realm.
In that case also, cookies have nothing to do with it.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] .htaccess
Posted by Bob Ionescu <bo...@googlemail.com>.
2009/9/7 Jos Chrispijn <ap...@webrz.net>:
> Is there a way of forcing webbrowser to present a login popup every time
> they enter a protected URL? Now I login once and until I delete my
> cookies, I can go to the URL without having a username and password
> filled out, even not having the 'remember password' option active.
If your server replies with HTTP 401 to a request made with
credentials, the browser will drop the HTTP Auth session and
re-prompt.
However, since you can't distinguish between the previous and the next
request by the client after the prompt, you'll trap into a problem
(not to mention implementing something like that).
Conclusion: You'll need your own module with some sort of session
database attached to save the state user x HTTP 401, allow one request
with credentials for that username, HTTP 401, allow one request with
credentials for that username, HTTP 401....
Bob
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org