httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From redhat <red...@fayelectric.com>
Subject Re: [users@httpd] kill .htaccess session
Date Tue, 13 Jul 2004 18:29:18 GMT
On Tue, 2004-07-13 at 12:51, Tim Burden wrote:
> I don't seem to understand:
> "I tried using PHP and MySQL authorization and got it to work on the parent
> page but if someone pulled up the history and went to a subsequent page it
> would let them right in without user/pass."
> 
> Isn't that what you want? Once you authenticate once with .htaccess (HTTP
> auth) you can see any page in any directory below the one with the .htaccess
> file.
> 
> ----- Original Message ----- 
> From: "redhat" <redhat@fayelectric.com>
> To: "apachelist" <users@httpd.apache.org>
> Sent: Tuesday, July 13, 2004 1:38 PM
> Subject: [users@httpd] kill .htaccess session
> 
> 
> > I have a few Linux servers that use internally for some minor web
> > applications that I have written.  Most of these are used only by myself
> > and my assistant.  I have some sensitive information on here as well as
> > other information that I need when going from one user's computer to
> > another that needs to be kept private.  I tried using PHP and MySQL
> > authorization and got it to work on the parent page but if someone
> > pulled up the history and went to a subsequent page it would let them
> > right in without user/pass.  I like .htaccess because it keeps the
> > entire directory secure enough for me.  My problem is this, it seems to
> > keep the session open for an unspecified period of time.  I know in PHP
> > I can kill the session by issuing another variable with a null value.
> > How can I do this using .htaccess?  Any help appreciated.
> > thanks,
> > Doug
> >
> >
> > ---------------------------------------------------------------------
> > The official User-To-User support forum of the Apache HTTP Server Project.
> > See <URL:http://httpd.apache.org/userslist.html> for more info.
> > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> >    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> > For additional commands, e-mail: users-help@httpd.apache.org
> >
> 
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
> 
I suppose what I meant was that at a later time (using PHP/MySQL) an
end-user could pull up a page that I didn't want them to have access to
simply because the authentication took place on the index login page.  I
guess I need to dig deeper into php/mysql authentication to make this
work.  I appreciate all the help.  It sounds like some of you others
understood what I meant and have experienced the same thing.
thanks,
Doug


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message