httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Wallace, Brian S." <wallac...@ornl.gov>
Subject Programming a timeout into Apache
Date Tue, 31 Aug 2004 18:26:20 GMT
Hi:

 

I am adding code to Apache 2.0 to provide a timeout for all
authenticated content.  I have everything working, but because browsers
use cached credentials, I cannot be sure that the user re-authenticated
or the browser re-authenticated.  I change the realm name and do a
HTTP_UNAUTHORIZED response to trick the browser into prompting the user.
However, if the user types the password in wrong or cancels the
authentication process, I can't be sure that the next successful
authentication came from my original HTTP_UNAUTHORIZED response or not.

 

Are there any tricks that can be done like telling the browser to clear
the password cache or have the browser return the realm name that it's
authenticating to?  Any other ideas or approaches to this problem would
be appreciated.

 

Thanks,

 

Brian S. Wallace

 

Oak Ridge National Laboratory
P. O. Box 2008, MS 6025
Oak Ridge, Tennessee  37831-6025

 

Voice (865) 576-3193
Fax   (865) 241-4000

 


Mime
View raw message