I have two domains, example1.com and example2.com, both served as virtual hosts from my one Apache server. Digest authentication is required on both hosts, using the same realm and htdigest file. Here's the configuration for example1.com: <VirtualHost *:80> ServerName www.example1.com:80 AuthType Digest AuthName "example realm" AuthDigestDomain http://www.example1.com http://www.example2.com AuthUserFile /path/to/htdigest Require valid-user </VirtualHost> The configuration for example2.com is identical. The two sites use the same AuthUserFile and AuthName. I have AuthDigestDomain there, because I want to avoid prompting the user twice for their login credentials when they visit both of these sites. That's what AuthDigestDomain is explicitly supposed to be for. And yet, in my experience so far it doesn't work at all. When someone visits example1.com and then goes to example2.com, they have to enter their same username and password again. Looking around for an explanation of this, I found very little. The most I could find was one comment (http://stackoverflow.com/questions/357939/example-of-using-authtype-digest-to-authenticate-a-user-once-across-sub-domains/1978392#1978392) claiming that "Most browsers do not respect the Digest "domain" directive and will not resend credentials for other URIs. As far as I know, Opera is the only browser that honors it." Can anyone comment on whether this is true? Is AuthDigestDomain essentially useless, because most browsers won't honor it? Thanks, Andrew. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|