Apache removal of user's access rights
This is a discussion on Apache removal of user's access rights within the Modssl Users forums, part of the Web Server and Related Forums category; Hi............. We're running Apache with ssl enabled..........We're using Basic authentication, and if the user browses away from ...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
07-11-2008
|
|||
|
|||
Apache removal of user's access rights
Hi.............
We're running Apache with ssl enabled..........We're using Basic authentication, and if the user browses away from our site and then comes back, they are not forced to log on again.......it appears that these settings are being stored somewhere, or that the connection is not being closed.......... If you have any suggestions on how to remedy this situation, it would really be appreciated. Thank you for your time............ Sincerely, Beth E. Okun 
|
|
07-12-2008
|
|||
|
|||
|
Re: Apache removal of user's access rights
Beth E. Okun wrote:
> > We're running Apache with ssl enabled..........We're using Basic > authentication, and if the user browses away from our site and then > comes back, they are not forced to log on again.......it appears that > these settings are being stored somewhere, or that the connection is not > being closed.......... How about to read about how Basic Authentication works? Or maybe watch the traffic with http://livehttpheaders.mozdev.org? Basically the browser caches username/password once entered for a HTTP authc realm and sends it in the header of every HTTP request. That's the problem with HTTP basic authc. Ciao, Michael. __________________________________________________ ____________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org
|
|
07-12-2008
|
|||
|
|||
|
Re: Apache removal of user's access rights
Michael Ströder a écrit :
> Beth E. Okun wrote: >> >> We're running Apache with ssl enabled..........We're using Basic >> authentication, and if the user browses away from our site and then >> comes back, they are not forced to log on again.......it appears that >> these settings are being stored somewhere, or that the connection is >> not being closed.......... > > How about to read about how Basic Authentication works? Or maybe watch > the traffic with http://livehttpheaders.mozdev.org? Basically the > browser caches username/password once entered for a HTTP authc realm > and sends it in the header of every HTTP request. That's the problem > with HTTP basic authc. This Apache related, not modssl related. Whereas, there are technical ways to reproduce an end of session, using secondary session_id, just like phpmyadmin. __________________________________________________ ____________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org
|
Linear Mode
