Apache removal of user's access rights - modssl

This is a discussion on Apache removal of user's access rights - modssl ; Hi............. We're running Apache with ssl enabled..........We're using Basic authentication, and if the user browses away from our site and then comes back, they are not forced to log on again.......it appears that these settings are being stored somewhere, or ...

+ Reply to Thread
Results 1 to 3 of 3

Thread: Apache removal of user's access rights

  1. Apache removal of user's access rights

    Hi.............

    We're running Apache with ssl enabled..........We're using Basic authentication, and if the user browses away from our site and then comes back, they are not forced to log on again.......it appears that these settings are being stored somewhere, or that the connection is not being closed..........

    If you have any suggestions on how to remedy this situation, it would really be appreciated.

    Thank you for your time............

    Sincerely,

    Beth E. Okun


  2. Re: Apache removal of user's access rights

    Beth E. Okun wrote:
    >
    > We're running Apache with ssl enabled..........We're using Basic
    > authentication, and if the user browses away from our site and then
    > comes back, they are not forced to log on again.......it appears that
    > these settings are being stored somewhere, or that the connection is not
    > being closed..........


    How about to read about how Basic Authentication works? Or maybe watch
    the traffic with http://livehttpheaders.mozdev.org? Basically the
    browser caches username/password once entered for a HTTP authc realm and
    sends it in the header of every HTTP request. That's the problem with
    HTTP basic authc.

    Ciao, Michael.
    __________________________________________________ ____________________
    Apache Interface to OpenSSL (mod_ssl) www.modssl.org
    User Support Mailing List modssl-users@modssl.org
    Automated List Manager majordomo@modssl.org


  3. Re: Apache removal of user's access rights

    Michael Ströder a écrit :
    > Beth E. Okun wrote:
    >>
    >> We're running Apache with ssl enabled..........We're using Basic
    >> authentication, and if the user browses away from our site and then
    >> comes back, they are not forced to log on again.......it appears that
    >> these settings are being stored somewhere, or that the connection is
    >> not being closed..........

    >
    > How about to read about how Basic Authentication works? Or maybe watch
    > the traffic with http://livehttpheaders.mozdev.org? Basically the
    > browser caches username/password once entered for a HTTP authc realm
    > and sends it in the header of every HTTP request. That's the problem
    > with HTTP basic authc.

    This Apache related, not modssl related.

    Whereas, there are technical ways to reproduce an end of session, using
    secondary session_id, just like phpmyadmin.
    __________________________________________________ ____________________
    Apache Interface to OpenSSL (mod_ssl) www.modssl.org
    User Support Mailing List modssl-users@modssl.org
    Automated List Manager majordomo@modssl.org


+ Reply to Thread