On Monday 02 October 2006 21:40, António Mota wrote: > Hello: > > I'm trying to do some basic authentication that checks for user > existence on every request, something like this: > > 1) User asks page > 2) Server answer with a 401 > 3) Browser ask for User id/pwd > 4) Browser sends User id/pwd > 5) Server looks into user file if user id/pwd exists Yep. > so far so good, but i was expecting that steps 4) and 5) will repeat > for every request from the Browser from now on. Yep. Browser remembers credentials. > But it seems that does > not happen. Hmm? > I have my user file updated by a external application (at the moment > it's me updating manually between requests) so i expected that if i > deleted the user id/pwd from the file between subsquent 4) - 5) the > server will detect that the user id was not on the file anymore and > ask again for a user id/pwd or signal the browser of invalid > credencials. What's in your access log? Either your authentication module is cacheing something, or (very likely) the browser is. > But that doesen´t happen, it seems step 5) isn't executed anymore > (unless i clear the TTP Authentication ofcourse). what do you mean by that? -- Nick Kew Application Development with Apache - the Apache Modules Book http://www.prenhallprofessional.com/title/0132409674 --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|