Success!

The problem is, the tokencode sent by the user expires the instant its
validity is determined.  That the browser caches this and returns it over
and over is not only a nuisance, it can cause the SecurID server to
disable the token.

Problem was, the client kept coughing up an invalid cookie which was
checked, deemed invalid, and the AUTH_REQUIRED sent back.  Just made a
loop the module could never escape.  Now I (correctly) hand expired
cookies off to the SecurID portion of our show, which forces another basic
auth.

At any rate, point is, two 401s in quick succession will throw an
authorization failed message at the user, then prompt for a new
username/password.  I haven't had a user who didn't understand, in some
vague way, that his surfing had come to an end and he'd have to fish the
tokencard out one more time.

Thanks!

Wy


On 2 Nov 1999, Greg Stark wrote:

> 
> I think if you send a 401 in response to a request that contained auth data
> the user will typically see an "Authentication failed" box, which may look bad
> compared to just getting the password dialog.
> 
> Actually I couldn't get this to work a while back, but I didn't try very hard.
> 
> 
> "Andrei A. Voropaev" <[EMAIL PROTECTED]> writes:
> 
> > On Mon, Nov 01, 1999 at 05:03:58PM -0500, Robin Berjon wrote:
> > > I've never tried this but doesn't sending two 401s in a row for the same
> > > document have the auth popup appear again?
> > 
> > I feel like this topic gets slightly confusing. Browser sends request,
> > gets 401 back, asks user for username and password if it doesn't have
> > one cached already. If it has one cached for this particular realm
> > then it attempts to send the cached values. If in response it gets 401
> > again then it asks user for new username and password for this realm.
> > As far as I know it always takes 2 requests to get protected
> > document. First one returns with 401 code and realm for authentication,
> > second request is done with appropriate user name and password.
> > 
> > So if for some reason you decide that some user name and password is
> > not valid any more then you should make sure that if they are sent any
> > number of times later then your authentication handler says no
> > always.
> > 
> > Andrei
> > 
> > -- 
> > 
> 
> -- 
> greg
> 
> 

Wyman Miles
Senior Systems Administrator, Rice University, Texas.
(713) 737-5827, e-mail:[EMAIL PROTECTED], pager:[EMAIL PROTECTED]
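
The handler behaviour discussed in this thread, modelled as an added Python example (not the poster's module): an expired cookie falls through to the tokencode check, and a tokencode the browser replays from its cache gets a 401 without being passed to the token server again. `FakeSecurID`, `Handler`, `SESSION_TTL` and the sample credentials are constructed for illustration.

```python
import secrets

OK, AUTH_REQUIRED = 200, 401
SESSION_TTL = 300  # seconds; constructed value


class FakeSecurID:
    """Constructed stand-in for the token server: each code is good once."""

    def __init__(self, valid_codes):
        self.valid = set(valid_codes)   # (user, tokencode) pairs
        self.checks = 0                 # how many times we were consulted

    def check(self, user, code):
        self.checks += 1
        if (user, code) in self.valid:
            self.valid.discard((user, code))  # expires once validated
            return True
        return False


class Handler:
    def __init__(self, backend):
        self.backend = backend
        self.sessions = {}   # cookie -> (user, expiry time)
        self.spent = set()   # (user, tokencode) pairs already submitted;
                             # a real module would age these out

    def handle(self, now, cookie=None, basic=None):
        """Return (status, cookie_to_set) for one request."""
        session = self.sessions.get(cookie)
        if session and session[1] > now:
            return OK, None
        # Missing, unknown or expired cookie: drop it and fall through to
        # the tokencode check instead of answering 401 on the cookie alone.
        self.sessions.pop(cookie, None)
        if basic is None or basic in self.spent:
            # A cached tokencode replayed by the browser is refused here,
            # so the token server never counts it as a failed attempt.
            return AUTH_REQUIRED, None
        self.spent.add(basic)
        if not self.backend.check(*basic):
            return AUTH_REQUIRED, None
        new_cookie = secrets.token_hex(16)
        self.sessions[new_cookie] = (basic[0], now + SESSION_TTL)
        return OK, new_cookie
```
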
