httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andrew Schulman <>
Subject [users@httpd] AuthDigestDomain doesn't work
Date Sun, 12 Sep 2010 04:45:38 GMT
I have two domains, and, both served as virtual hosts
from my one Apache server.  Digest authentication is required on both hosts,
using the same realm and htdigest file.  Here's the configuration for

<VirtualHost *:80>
  AuthType Digest
  AuthName "example realm"
  AuthUserFile /path/to/htdigest
  Require valid-user

The configuration for is identical.  The two sites use the same
AuthUserFile and AuthName.

I have AuthDigestDomain there, because I want to avoid prompting the user twice
for their login credentials when they visit both of these sites.  That's what
AuthDigestDomain is explicitly supposed to be for.  And yet, in my experience so
far it doesn't work at all.  When someone visits and then goes to, they have to enter their same username and password again.

Looking around for an explanation of this, I found very little.  The most I
could find was one comment
claiming that "Most browsers do not respect the Digest "domain" directive and
will not resend credentials for other URIs. As far as I know, Opera is the only
browser that honors it."

Can anyone comment on whether this is true?  Is AuthDigestDomain essentially
useless, because most browsers won't honor it?


The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message