httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Boyle Owen" <Owen.Bo...@swx.com>
Subject RE: [users@httpd] how to set apache authentication time out
Date Tue, 27 Aug 2002 11:40:49 GMT
Authentication doesn't work like this. Apache is stateless and doesn't really know who is "logged
in".

What really happens is that when someone requests a page from a "password protected" directory,
apache responds with a "401 Unauthorized" response. The browser then pops up a challenge window
and the user types in user and password. The browser then caches this data and sends it in
an "Authorize" header with every subsequent request to that directory - thus creating the
illusion of being logged in.

Apache has no sense of time on this and simply verifies every Authorize header against the
AuthUserFile every time it receives a request. If it passes you get the page, if not you get
401 again.

To do what you want to do, you'd have to forget about authentication in apache and implement
the whole scheme in CGI.

Rgds,

Owen Boyle

>-----Original Message-----
>From: lzx [mailto:lzx@netchina.com.cn]
>Sent: Dienstag, 27. August 2002 13:09
>To: users@httpd.apache.org
>Subject: [users@httpd] how to set apache authentication time out 
>
>
>Hello, everyone
>
>I added a line in httpd.conf as:
>
>AccessFileName .htaccess
>
>And created ".htaccess" file in document root dir, as following
>
>order deny,allow
>deny from all
>allow from all
>AuthUserFile    /usr/apache/conf/passwd
>AuthGroupFile  /dev/null
>AuthName       Bypasswd
>AuthType       Basic
>
><Limit GET POST>
>require valid-user
></Limit>
>
>Now the authenticaion is ok. :-)
>
>But I need an additional function of time out, that is, 
>make user invalid after a period of idle time, then 
>user must relogin.  How should I do?
>I hope to make some configuration to complete it instead
>of writing a cgi to save cookie.
>
>Much thanks.
>

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message