httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nick Kew <n...@webthing.com>
Subject Re: [users@httpd] Force authentication
Date Mon, 02 Oct 2006 20:54:42 GMT
On Monday 02 October 2006 21:40, António Mota wrote:
> Hello:
>
> I'm trying to do some basic authentication that checks for user
> existence on every request, something like this:
>
> 1) User asks page
> 2) Server answer with a 401
> 3) Browser ask for User id/pwd
> 4) Browser sends User id/pwd
> 5) Server looks into user file if user id/pwd exists

Yep.

> so far so good, but i was expecting that steps 4) and 5) will repeat
> for every request from the Browser from now on.

Yep.  Browser remembers credentials.

> But it seems that does 
> not happen.

Hmm?

> I have my user file updated by a external application (at the moment
> it's me updating manually between requests) so i expected that if i
> deleted the user id/pwd from the file between subsquent 4) - 5) the
> server will detect that the user id was not on the file anymore and
> ask again for a user id/pwd or signal the browser of invalid
> credencials.

What's in your access log?  Either your authentication module is
cacheing something, or (very likely) the browser is.

> But that doesen´t happen, it seems step 5) isn't executed anymore
> (unless i clear the TTP Authentication ofcourse).

what do you mean by that?

-- 
Nick Kew

Application Development with Apache - the Apache Modules Book
http://www.prenhallprofessional.com/title/0132409674

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message