httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joshua Slive <>
Subject Re: [users@httpd] mod auth confusion.
Date Thu, 31 Jul 2003 19:14:51 GMT

On Thu, 31 Jul 2003 wrote:

> commented it out again and I got into secure without any authorization.
> looking at the access_log, it gave

Most likely your browser had cached the credentials and was submitting
them on your behalf.  Try closing all browser windows and restarting your

> I can't find a cookie under me which would seem to have my user and the
> password in it. How does apache know it's me. yes, myname is in the
> .htacces file after "Require user" but why doesn't it request
> authorization as it did once?

See the section "How WWW Authentication Works" under

It is alot like cookies, but is completely separate from cookies, in that
it uses a different HTTP header.  The difference from cookies is that the
browser won't store the credentials between sessions; instead it prompts
the user for them each time.

> 2. Why can't I put AllowOverride in .htaccess without an error?

Did you read the docs for the AllowOverride dirctive?

If you do, you'll find that this directive sets which kinds of directives
can appear in an .htaccess file, so it makes no sense whatsoever to put it
in an .htaccess file itself.  It can only go in httpd.conf.


The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message