using authentication for access to a directory....eg .htaccess

I'd like to configure some kind of time out after no activity so that the
users is prompted again for
username and password, say after 5 min.

Is this doable with the standard configs or not???

thx ahead of time

dmc

"David McCall" <david@atgi.net> wrote in message news:<bdad94$i4h$1@nnrp.atgi.net>...
> I'd like to configure some kind of time out after no activity so that the
> users is prompted again for
> username and password, say after 5 min.
>
> Is this doable with the standard configs or not???

With HTTP basic auth? No. The client is completely responsible
for managing the login and must send the password with every request.

Joshua.

Maybe I didn't make my issue clear. It looks like the server caches the
username & password for some
period of time. (unknown). I would like to have the cache cleared after
5min. Is this possible on the
server side??


"Joshua Slive" <google@slive.ca> wrote in message
news:916ecaf4.0306241827.4fa7bd4b@posting.google.c om...
> "David McCall" <david@atgi.net> wrote in message
news:<bdad94$i4h$1@nnrp.atgi.net>...
> > I'd like to configure some kind of time out after no activity so that
the
> > users is prompted again for
> > username and password, say after 5 min.
> >
> > Is this doable with the standard configs or not???
>
> With HTTP basic auth? No. The client is completely responsible
> for managing the login and must send the password with every request.
>
> Joshua.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

In article <bdb306$kbf$1@nnrp.atgi.net>, David McCall wrote:
> Maybe I didn't make my issue clear.

You didn't, AAMOF, but presumably since you talked about
..htaccess files you meant HTTP Basic authentication. You
might get a better answer if you try to make your issue clear.

> It looks like the server caches the
> username & password for some period of time.

If you're talking about Apache (again, an assumption on our
part, since you didn't make yourself clear), then no, it
doesn't cache the username and password. AFAIK no web servers
do.

> I would like to have the cache cleared after
> 5min. Is this possible on the server side??

Since there is no cache on the server side, the answer is no.

- --keith

- --
kkeller-mmmspam@wombat.san-francisco.ca.us
(try just my userid to email me)
alt.os.linux.slackware FAQ: http://wombat.san-francisco.ca.us/cgi-bin/fom

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAj75GH8ACgkQhVcNCxZ5ID/djQCghudtgaPWhcTloTdJGvrlc392
ATsAn3hLWjBFoZHvFTleq2AlvzEo4Rml
=sE04
-----END PGP SIGNATURE-----

"Keith Keller" <kkeller-spammmm@wombat.san-francisco.ca.us> wrote in message
news:3a5bdb.sop.ln@goaway.wombat.san-francisco.ca.us...
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> In article <bdb306$kbf$1@nnrp.atgi.net>, David McCall wrote:
> > Maybe I didn't make my issue clear.
>
> You didn't, AAMOF, but presumably since you talked about
> .htaccess files you meant HTTP Basic authentication. You
> might get a better answer if you try to make your issue clear.
>
> > It looks like the server caches the
> > username & password for some period of time.
>
> If you're talking about Apache (again, an assumption on our
> part, since you didn't make yourself clear), then no, it
> doesn't cache the username and password. AFAIK no web servers
> do.
>
> > I would like to have the cache cleared after
> > 5min. Is this possible on the server side??
>
> Since there is no cache on the server side, the answer is no.
Interesting. I am running Apache1.3, and If I leave atleast one browser
window open
I am no longer prompted for a username and password. Yet whent I close them
all
I am prompted. What I want is to have some kind of auto-close after no
activity say
within 5 min. But I'm clueless as to how that might be programmed into the
server code.




>
> - --keith
>
> - --
> kkeller-mmmspam@wombat.san-francisco.ca.us
> (try just my userid to email me)
> alt.os.linux.slackware FAQ: http://wombat.san-francisco.ca.us/cgi-bin/fom
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.0.6 (GNU/Linux)
> Comment: For info see http://www.gnupg.org
>
> iEYEARECAAYFAj75GH8ACgkQhVcNCxZ5ID/djQCghudtgaPWhcTloTdJGvrlc392
> ATsAn3hLWjBFoZHvFTleq2AlvzEo4Rml
> =sE04
> -----END PGP SIGNATURE-----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

In article <bdcv8o$rh9$1@nnrp.atgi.net>, David McCall wrote:

> Interesting. I am running Apache1.3, and If I leave atleast one browser
> window open
> I am no longer prompted for a username and password. Yet whent I close them
> all
> I am prompted.

That's because the *browser* is caching the username and password
information. As Joshua said, the client is responsible for sending
them each time it makes an HTTP Basic authentication request.

> What I want is to have some kind of auto-close after no
> activity say
> within 5 min. But I'm clueless as to how that might be programmed into the
> server code.

It can't be programmed into the server code--it has to be done at
the client. (Using Javascript, for example, but that's not ontopic
for this newsgroup.)

- --keith

- --
kkeller-mmmspam@wombat.san-francisco.ca.us
(try just my userid to email me)
alt.os.linux.slackware FAQ: http://wombat.san-francisco.ca.us/cgi-bin/fom

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAj76FroACgkQhVcNCxZ5ID+ZZwCfWHhbGWRQfw cyQ/BA0yHZCntR
hLIAnRVKsv7odGsMOIXGk/JkAmGXAuVR
=yFNY
-----END PGP SIGNATURE-----

> What I want is to have some kind of auto-close after no
> activity say
> within 5 min. But I'm clueless as to how that might be programmed into the
> server code.

If you want such feature, you have to switch from htaccess.
You have to use sessions.

--
Bertrand LUPART Linkeo.com - R&D | http://www.linkeo.com/
+33 1 72 71 71 82 | 17, rue de la Banque - F75002 Paris
Systèmes de gestion d'email entrant | Email management systems