httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Wallace, Brian S." <>
Subject [users@httpd] Adding timeouts to Apache 2.0
Date Tue, 31 Aug 2004 18:52:45 GMT


I am adding code to Apache 2.0 to provide a timeout for all
authenticated content.  I have everything working, but because browsers
use cached credentials, I cannot be sure that the user re-authenticated
or the browser re-authenticated.  I change the realm name and do a
HTTP_UNAUTHORIZED response to trick the browser into prompting the user.
However, if the user types the password in wrong or cancels the
authentication process, I can't be sure that the next successful
authentication came from my original HTTP_UNAUTHORIZED response or not.


Are there any tricks that can be done like telling the browser to clear
the password cache or have the browser return the realm name that it's
authenticating to?  Any other ideas or approaches to this problem would
be appreciated.




Brian S. Wallace


Oak Ridge National Laboratory
P. O. Box 2008, MS 6025
Oak Ridge, Tennessee  37831-6025


Voice (865) 576-3193
Fax   (865) 241-4000


View raw message