httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "António Mota" <>
Subject [users@httpd] Force authentication
Date Mon, 02 Oct 2006 20:40:05 GMT

I'm trying to do some basic authentication that checks for user
existence on every request, something like this:

1) User asks page
2) Server answer with a 401
3) Browser ask for User id/pwd
4) Browser sends User id/pwd
5) Server looks into user file if user id/pwd exists

so far so good, but i was expecting that steps 4) and 5) will repeat
for every request from the Browser from now on. But it seems that does
not happen.

I have my user file updated by a external application (at the moment
it's me updating manually between requests) so i expected that if i
deleted the user id/pwd from the file between subsquent 4) - 5) the
server will detect that the user id was not on the file anymore and
ask again for a user id/pwd or signal the browser of invalid

But that doesen´t happen, it seems step 5) isn't executed anymore
(unless i clear the TTP Authentication ofcourse).

Am i doing something wrong, or assuming something i shouldn't? Could
be that the user file get's cached after the first check? If so how
can i un-cache it?

Any ideas?

Melhores cumprimentos / Kind regards
António Santos Mota

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message