httpd-dev mailing list archives

From Graham Leggett <>
Subject Re: make mod_auth_form tell you where the credentials came from
Date Tue, 03 Dec 2013 15:45:53 GMT
On 03 Dec 2013, at 5:29 PM, Thomas Eckert <> wrote:

> This whole process is important for supporting two factor authentication - in my example
> with OTP - but I doubt this is the only use case. In general it's a good idea to let the auth
> providers know where the user credentials came from (e.g. headers vs. body).

I see a possible technical solution to something, but I don't yet understand the problem that
technical solution is trying to solve.

The end user has never logged in, so they get a form, they enter credentials, they are logged
in. Time passes, a session of some kind expires (a session provided by mod_session, or an
internal unrelated session?), and the user… has to log in again?

I get the sense you're fighting against httpd's AAA modules instead of using them. Are you
using mod_auth_socache to cache the credentials or something else? Are you using mod_session
to implement your session or something else?

