This is a multi-part message in MIME format.
--------------010204010009060401090407
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit



--------------010204010009060401090407
Content-Type: message/rfc822;
name="Re: Auth - Auhtz module session?.eml"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
filename="Re: Auth - Auhtz module session?.eml"

Message-ID: <479F027D.8060100@besite.be>
Date: Tue, 29 Jan 2008 11:39:57 +0100
From: Ward Loockx
Organization: Besite
User-Agent: Thunderbird 2.0.0.6 (X11/20071022)
MIME-Version: 1.0
To: John ORourke
Subject: Re: Auth - Auhtz module session?
References: <479EFF70.3010103@besite.be> <479F0157.3060500@o-rourke.org>
In-Reply-To: <479F0157.3060500@o-rourke.org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

John ORourke wrote:
> Ward Loockx wrote:
>> I've written a ldap auth-authz module in mod_perl but when I give in
>> wrong username/pass I need to close my browser in order to get the
>> login screen again. When I try to refresh without closing I'm getting
>> the following message wich is obvious
>>
>>
>> Authorization Required

>
> First make sure you're returning the right response code - eg. if the
> password is wrong but you return a 2xx or 3xx to the browser instead
> of 401, the browser will think it's fine and just keep using the same
> credentials.
>
> Also get yourself a copy of the Web Developer's Toolbar for Firefox -
> it includes options to clear browser authentication, cache and cookies
> and lots of other very useful tools for mod_perl development.
>
> cheers
> John
>

I think i use the good error codes.

I use Const::HTTP_UNAUTHORIZED when it fails
and Const::OK when it's OK


--------------010204010009060401090407--