httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "John K. Sterling" <j...@sterls.com>
Subject RE: [users@httpd] Auth Modules and internal Redirects
Date Fri, 31 Jan 2003 19:48:34 GMT
Hi - 

>-- Original Message --
>Reply-To: users@httpd.apache.org
>From: "Nebergall, Christopher" <cneberg@sandia.gov>
>To: "Apache Users (E-mail)" <users@httpd.apache.org>
>Date: Fri, 31 Jan 2003 11:34:30 -0700
>Subject: [users@httpd] Auth Modules and internal Redirects
>
>
>Is it possible to securely authenticate the initial request, then not
>re-authenticate the internally redirected request again?  

not really.  The problem is that the auth rules change for files && locations
- so as far as your auth module is concerned there is no reliable way to
assume it doesn't need to authenticate again.  We've tried to come up with
some solutions, but none are reliable.  With a little more help from the
apache core it *might* be possible - but this would probably be a big job.
 thats my 2p.

you're best bet is to have you're auth module cache user properties so that
it can be fast on subsequent auth requests.

sterling


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message