httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "António Mota" <amsm...@gmail.com>
Subject [users@httpd] Force authentication
Date Mon, 02 Oct 2006 20:40:05 GMT
Hello:

I'm trying to do some basic authentication that checks for user
existence on every request, something like this:

1) User asks page
2) Server answer with a 401
3) Browser ask for User id/pwd
4) Browser sends User id/pwd
5) Server looks into user file if user id/pwd exists

so far so good, but i was expecting that steps 4) and 5) will repeat
for every request from the Browser from now on. But it seems that does
not happen.

I have my user file updated by a external application (at the moment
it's me updating manually between requests) so i expected that if i
deleted the user id/pwd from the file between subsquent 4) - 5) the
server will detect that the user id was not on the file anymore and
ask again for a user id/pwd or signal the browser of invalid
credencials.

But that doesen´t happen, it seems step 5) isn't executed anymore
(unless i clear the TTP Authentication ofcourse).

Am i doing something wrong, or assuming something i shouldn't? Could
be that the user file get's cached after the first check? If so how
can i un-cache it?

Any ideas?

Thanks.
-- 
Melhores cumprimentos / Kind regards
António Santos Mota

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message