httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joshua Slive <jos...@slive.ca>
Subject Re: [users@httpd] login once for two virtual host
Date Fri, 28 Mar 2003 00:26:57 GMT


On Thu, 27 Mar 2003, Farid Hamjavar wrote:
> If user logs into doc1web.unm.edu may click on something that will
> land her on doc2web.unm.edu  .... And again, user is prompted
> with login dialog box of course.
>
> How can we avoid that? So users who login once to doc1web.unm.edu
> are not presented with the second login dialog box (for doc2web.unm.edu)

This can't be done with http basic auth.  It violates the basic security
principles because it would allow one host to steal passwords used on
another host.

The only way to do this is to forget http basic auth and use some other
method of session tracking (cookies, URL-path, etc) that allows you to
pass a session between hosts.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message