Return-Path: Delivered-To: apmail-httpd-users-archive@www.apache.org Received: (qmail 47176 invoked from network); 31 Aug 2004 18:53:19 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199) by minotaur-2.apache.org with SMTP; 31 Aug 2004 18:53:19 -0000 Received: (qmail 17944 invoked by uid 500); 31 Aug 2004 18:53:03 -0000 Delivered-To: apmail-httpd-users-archive@httpd.apache.org Received: (qmail 17920 invoked by uid 500); 31 Aug 2004 18:53:02 -0000 Mailing-List: contact users-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: users@httpd.apache.org list-help: list-unsubscribe: list-post: Delivered-To: mailing list users@httpd.apache.org Received: (qmail 17907 invoked by uid 99); 31 Aug 2004 18:53:02 -0000 X-ASF-Spam-Status: No, hits=0.5 required=10.0 tests=DNS_FROM_RFC_WHOIS,HTML_MESSAGE,HTML_NONELEMENT_30_40 X-Spam-Check-By: apache.org Received-SPF: pass (hermes.apache.org: local policy) Received: from [160.91.4.119] (HELO emroute1.cind.ornl.gov) (160.91.4.119) by apache.org (qpsmtpd/0.28) with ESMTP; Tue, 31 Aug 2004 11:53:02 -0700 Received: from emroute1.cind.ornl.gov (localhost [127.0.0.1]) by emroute1.cind.ornl.gov (PMDF V6.2-X27 #30899) with ESMTP id <0I3B007NZR4BRN@emroute1.cind.ornl.gov> for users@httpd.apache.org; Tue, 31 Aug 2004 14:53:00 -0400 (EDT) Received: from ORNLEXCHANGE.ornl.gov (ornlexchange2.ornl.gov [160.91.1.22]) by emroute1.cind.ornl.gov (PMDF V6.2-X27 #30899) with ESMTP id <0I3B001ECR3XXK@emroute1.cind.ornl.gov> for users@httpd.apache.org; Tue, 31 Aug 2004 14:52:45 -0400 (EDT) Date: Tue, 31 Aug 2004 14:52:45 -0400 From: "Wallace, Brian S." To: users@httpd.apache.org Message-id: <325F46FDC9A60242846F2DCBFB4D092718276B@ORNLEXCHANGE.ornl.gov> MIME-version: 1.0 X-MIMEOLE: Produced By Microsoft Exchange V6.5.7226.0 Content-type: multipart/alternative; boundary="----_=_NextPart_001_01C48F8B.B3F56414" Thread-Topic: Adding timeouts to Apache 2.0 thread-index: AcSPi7O4++8UVJ6yT6WTYTERNoCPaw== Content-class: urn:content-classes:message X-MS-Has-Attach: X-MS-TNEF-Correlator: X-Virus-Checked: Checked Subject: [users@httpd] Adding timeouts to Apache 2.0 X-Spam-Rating: minotaur-2.apache.org 1.6.2 0/1000/N ------_=_NextPart_001_01C48F8B.B3F56414 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Hi: =20 I am adding code to Apache 2.0 to provide a timeout for all authenticated content. I have everything working, but because browsers use cached credentials, I cannot be sure that the user re-authenticated or the browser re-authenticated. I change the realm name and do a HTTP_UNAUTHORIZED response to trick the browser into prompting the user. However, if the user types the password in wrong or cancels the authentication process, I can't be sure that the next successful authentication came from my original HTTP_UNAUTHORIZED response or not. =20 Are there any tricks that can be done like telling the browser to clear the password cache or have the browser return the realm name that it's authenticating to? Any other ideas or approaches to this problem would be appreciated. =20 Thanks, =20 Brian S. Wallace =20 Oak Ridge National Laboratory P. O. Box 2008, MS 6025 Oak Ridge, Tennessee 37831-6025 =20 Voice (865) 576-3193 Fax (865) 241-4000 =20 ------_=_NextPart_001_01C48F8B.B3F56414 Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable

Hi:

 

I am adding code to Apache 2.0 to provide a timeout = for all authenticated content.  I have everything working, but because = browsers use cached credentials, I cannot be sure that the user re-authenticated = or the browser re-authenticated.  I change the realm name and do a HTTP_UNAUTHORIZED response to trick the browser into prompting the = user.  However, if the user types the password in wrong or cancels the = authentication process, I can’t be sure that the next successful authentication = came from my original HTTP_UNAUTHORIZED response or = not.

 

Are there any tricks that can be done like telling = the browser to clear the password cache or have the browser return the realm = name that it’s authenticating to?  Any other ideas or approaches = to this problem would be appreciated.

 

Thanks,

 

Brian S. Wallace

 

Oak = Ridge National Laboratory
P. O. Box = 2008, MS 6025
Oak Ridge, = Tennessee  37831-6025

 

Voice (865) 576-3193
Fax   (865) 241-4000

 

------_=_NextPart_001_01C48F8B.B3F56414--