httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Thomas Eckert <>
Subject [users@httpd] Using form based authentication sessions across locations
Date Mon, 20 Jan 2014 15:31:43 GMT
Using form based auth, e.g.

<Location /foo>
    AuthName "forms_foo"
    AuthFormProvider my_provider
    AuthType form
    AuthFormLoginRequiredLocation "/foo_form"
    Session On
    SessionCookieName foo_cookie path=/foo/;httponly
    SessionCryptoPassphrase somereallyneatandnicepassphrase
    SessionCookieRemove On
    Require valid-user

is it possible to "reuse" that session cookie for another path, e.g. /bar ?
With "reuse" I think of sending out a session cookie for /bar as well as
for /foo. This way, users logging in through form based auth on /foo  will
not have to log in on /bar as well.

HTTP cookies do not allow for multiple paths, so if at all one would have
to use multiple cookies. Since the cookies should carry session information
I reckon they ought to be configured via mod_session_cookie but that module
has no fitting directive. The only thing in mod_session_cookie close to
what I'm looking for is AuthFormSitePassphrase but I do need auth checks in
my custom provider to run (timeouts involved).

Any suggestions on how to go about this ?

View raw message