Hi Nick, nive to ear from you... I took your sugestion and look at the access.log (i wouldn't think of that...) and i think the problem wath's not what i thought. As you know, my Apache server is used as a proxy reverse server, and it seems the problem is with that. Im my server i have a few pages that are indeed atuthenticated each time i visit them. 127.0.0.1 - abcd [03/Oct/2006:13:38:07 +0100] "GET /rproxy.html HTTP/1.1" 304 - (abc is the user) and if i dinamically delete that user from the file next time he/she will be asked from authentication again. That is the beahaviour i expected. However when i proxy-reverse to other pages the authentication is never checked 127.0.0.1 - - [03/Oct/2006:13:55:52 +0100] "GET /url=http://www.gtinformatica.pt HTTP/1.1" 302 132 In this case, http://www.gtinformatica.pt is outside my server and needs no authentication, but since it passes thru my server i was expecting that it also be authenticated... Any help on this? Thanks a lot. 2006/10/2, Nick Kew <nick@xxxxxxxxxxxx>:
On Monday 02 October 2006 21:40, António Mota wrote: > Hello: > > I'm trying to do some basic authentication that checks for user > existence on every request, something like this: > > 1) User asks page > 2) Server answer with a 401 > 3) Browser ask for User id/pwd > 4) Browser sends User id/pwd > 5) Server looks into user file if user id/pwd exists Yep. > so far so good, but i was expecting that steps 4) and 5) will repeat > for every request from the Browser from now on. Yep. Browser remembers credentials. > But it seems that does > not happen. Hmm? > I have my user file updated by a external application (at the moment > it's me updating manually between requests) so i expected that if i > deleted the user id/pwd from the file between subsquent 4) - 5) the > server will detect that the user id was not on the file anymore and > ask again for a user id/pwd or signal the browser of invalid > credencials. What's in your access log? Either your authentication module is cacheing something, or (very likely) the browser is. > But that doesen´t happen, it seems step 5) isn't executed anymore > (unless i clear the TTP Authentication ofcourse). what do you mean by that? -- Nick Kew Application Development with Apache - the Apache Modules Book http://www.prenhallprofessional.com/title/0132409674 --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
-- Melhores cumprimentos / Kind regards António Santos Mota --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|