[thelist] Authentication problem with Apache/PHP
Andrew Forsberg
andrew at thepander.co.nz
Thu Apr 26 15:59:13 CDT 2001
>point the user is accepted automatically and he does not need to re-enter
>his user/password.
>
>I don't want this to be possible, i want the user to enter the user/password
>again. Is their an apache command to kill the session or some other
>approach to this problem???
Hi
I'm fairly sure this is impossible with htpasswd / htaccess. From
memory the specs on http authentication state that the browser should
force the user to reenter a username / password, but no browsers
currently enforce this. I could be wrong about the specs, but at any
rate: the username / password they enter successfully is used every
time they reenter the protected directory on the server -- at least,
until the user quits their browser, and then opens it and goes to the
login page again.
If you don't want that sort of behaviour then you'll need to write a
custom authentication routine with PHP (or whatever other language
you like).
- Andrew
--
Andrew Forsberg
http://www.thepander.co.nz/
More information about the thelist
mailing list