[thelist] Authentication problem with Apache/PHP

Andrew Forsberg andrew at thepander.co.nz
Thu Apr 26 15:59:13 CDT 2001


>point the user is accepted automatically and he does not need to re-enter
>his user/password.
>
>I don't want this to be possible, i want the user to enter the user/password
>again. Is their an apache command to kill the session or  some other
>approach to this problem???

Hi

I'm fairly sure this is impossible with htpasswd / htaccess. From 
memory the specs on http authentication state that the browser should 
force the user to reenter a username / password, but no browsers 
currently enforce this. I could be wrong about the specs, but at any 
rate: the username / password they enter successfully is used every 
time they reenter the protected directory on the server -- at least, 
until the user quits their browser, and then opens it and goes to the 
login page again.

If you don't want that sort of behaviour then you'll need to write a 
custom authentication routine with PHP (or whatever other language 
you like).

- Andrew
-- 
Andrew Forsberg
http://www.thepander.co.nz/




More information about the thelist mailing list