www-apache-bugdb mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From dgau...@hyperreal.org
Subject Re: general/1433: Double login with partially specified request addresses
Date Wed, 19 Nov 1997 08:50:34 GMT
[In order for any reply to be added to the PR database, ]
[you need to include <apbugs@Apache.Org> in the Cc line ]
[and leave the subject line UNCHANGED.  This is not done]
[automatically because of the potential for mail loops. ]

Synopsis: Double login with partially specified request addresses

State-Changed-From-To: open-closed
State-Changed-By: dgaudet
State-Changed-When: Wed Nov 19 00:50:33 PST 1997
Sorry but there's nothing we can do, because issuing the
redirect requires privs.  This is a client-side issue; the
client is in the position to know what the heck is going on,
and the server isn't.  It's the same if you try anything with
cookies, if the user specifies an incomplete domain then
they'll get cookies for that incomplete domain that won't work
when they use the full domain.

You might be able to pull some magic with mod_rewrite, but
there's nothing we can do to reorder the phases in apache.
Auth comes before the handler ... it has to.  And the handler
isn't called if the auth isn't given.


View raw message