httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Bob Ionescu <bobsie...@googlemail.com>
Subject Re: [users@httpd] .htaccess
Date Thu, 10 Sep 2009 16:12:44 GMT
2009/9/7 Jos Chrispijn <apache@webrz.net>:
> Is there a way of forcing webbrowser to present a login popup every time
> they enter a protected URL? Now I login once and until I delete my
> cookies, I can go to the URL without having a username and password
> filled out, even not having the 'remember password' option active.

If your server replies with HTTP 401 to a request made with
credentials, the browser will drop the HTTP Auth session and
re-prompt.

However, since you can't distinguish between the previous and the next
request by the client after the prompt, you'll trap into a problem
(not to mention implementing something like that).

Conclusion: You'll need your own module with some sort of session
database attached to save the state user x HTTP 401, allow one request
with credentials for that username, HTTP 401, allow one request with
credentials for that username, HTTP 401....

Bob

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message