httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From tvlgiao <>
Subject Re: [users@httpd] only one ip per user (has many connections) can access resource at the same time ?
Date Mon, 06 Feb 2006 13:19:43 GMT
2006/2/6, Boyle Owen <>:
> > -----Original Message-----
> > From: tvlgiao []
> > Sent: Sonntag, 5. Februar 2006 00:28
> > To:
> > Subject: [users@httpd] only one ip per user (has many
> > connections) can access resource at the same time ?
> >
> > Hello all,
> >
> > How can I configure Apache to use mod_auth_mysql  to solve
> > the following authentication theme:
> >
> > In brief: if A logs in and is downloading  (connection
> > established, IP is saved when he logs  in), no other user can
> > use A's account to  authenticate (because anyone else has
> > different  IP.)
> >
> > If A logs in and is not downloading anything (no  connection,
> > session and A's IP is saved).  B can use A's account  to log
> > in (establish a new Connection, B's  session overrides A's as
> > A hasn't start any connection).  Hence, Precisely at the time
> >  when B logs in, A is booted as B's session already overrides A's.
> You have a fundamental misunderstanding of HTTP. It is not a
> conection-based protocol (like the telephone), it is connection-less and
> stateless and works with the client and server exchanging messages (ie, it
> is electronic document mail-order). So, at the HTTP layer, you don't really
> have people "logged in" at all...

oh, i mean that  while a file is "transferring", the connection is also
"opening", isn't it ? with a large file, the connection probably opens
longer than small files (sometimes we don't realize). the connection will be
closed when a file finished or user close web browser.

Having said all that, you can provide the illusion of sessions and
> statefullness, but only by loading an application on top of HTTP - this
> would be some form of session tracking using cookies, for example. For this,
> you need additional server-sided logic (eg, CGI, PHP, Cocoon, etc.) and it
> can't be done simply by configuring apache.

writing server-side script i can check authentication, but can not check
whether user is downloading or not at that moment. i thinks only web server
can check that state.

> Owen Boyle
> Disclaimer: Any disclaimer attached to this message may be ignored.

anyway thanks for your reply.


View raw message