httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joe Orton <jor...@redhat.com>
Subject Re: [users@httpd] Apache 1.3.33 digest authentication nonce error
Date Wed, 17 Nov 2004 20:39:08 GMT
On Tue, Nov 16, 2004 at 01:21:52PM -0500, Whittington, Langdon E. (LNG-DAY) wrote:
> I recently downloaded and compiled apache 1.3.33 on Solaris 9. 
> 
> I included mod_digest.c in the build. 
> 
> I get the following error when trying to access dynamic content (cgi):
> 
>             Client is using a nonce which was not issued by this server for
> this context: /cgi-bin/test.cgi

There was a bug which caused this to occur regularly in 1.3.31, but it's
fixed in 1.3.32 and .33. Are you definitely using .33?

The message will occur even in .32 and .33 if:

1) you restart the server

2) the server is listening on multiple IP addresses e.g. using DNS
round-robin, and the client switches between IP addresses between
requests (perhaps unlikely)

But it doesn't sound like either of the above are true, and the fact
that it only occurs for CGI is weird, I can't think why that would be
so.

The code is a bit of a hack, as Joshua said you're better off using
mod_auth_digest which avoids the issue.

joe

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message