Okay,
I'm working on a PerlAuthenHandler that returns AUTH_REQUIRED unless a
file is less than a certain number of seconds old.
I've noticed a problem:
In Netscape (and probably IE), if a handler returns AUTH_REQUIRED, the
user can just hit 'Ok' on the password dialogue without typing in a
password and the browser will resend the original information again.
If the password in cache is still valid, it will reauthenticate without
prompting the user again. This can't be cool. I've found that I have to
make sure that the $sent_pw in

    my ($res, $sent_pw) = $r->get_basic_auth_pw;

isn't null or 0.
Also, IE doesn't always give a user the password dialog when given an
AUTH_REQUIRED response. If IE sends a username/password because of an
AUTH_REQUIRED response, and gets an AUTH_REQUIRED response in return, it
will resend the information again. This makes it really difficult to deal
with different browsers during the Authentication phase.
Any ideas or comments?
--
J. J. Horner
Apache, Perl, Unix, Linux
[EMAIL PROTECTED] http://www.knoxlug.org/
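
Added example, not part of the original post: a mod_perl 1.x PerlAuthenHandler sketch of the two checks described above, rejecting blank credentials and requiring a recently modified file. The package name and the PerlSetVar names StampFile and MaxAge are assumptions, and the handler returns DECLINED on success on the assumption that a password-checking module configured after it verifies the actual password.

```perl
package My::FreshAuthen;    # hypothetical package name
use strict;
use Apache::Constants qw(OK DECLINED AUTH_REQUIRED);

# Assumed configuration for the protected location:
#   AuthType Basic
#   AuthName "restricted"
#   require valid-user
#   PerlAuthenHandler My::FreshAuthen
#   PerlSetVar StampFile /path/to/stamp    (placeholder path)
#   PerlSetVar MaxAge    300

sub handler {
    my $r = shift;

    # Returns OK plus the decoded password when the request carried
    # Basic credentials; any other status is handed straight back.
    my ($res, $sent_pw) = $r->get_basic_auth_pw;
    return $res if $res != OK;

    my $user = $r->connection->user;

    # Pressing OK on an empty dialog sends blank credentials. Test
    # defined/length so the check is on emptiness, not Perl truthiness.
    unless (defined $user    && length $user
         && defined $sent_pw && length $sent_pw) {
        return deny($r, 'blank user name or password');
    }

    # Require the stamp file to exist and to be younger than MaxAge.
    my $stamp   = $r->dir_config('StampFile');
    my $max_age = $r->dir_config('MaxAge') || 300;
    my $mtime   = defined $stamp ? (stat $stamp)[9] : undef;
    unless (defined $mtime && time - $mtime < $max_age) {
        return deny($r, 'stamp file missing or too old');
    }

    # Gate passed: leave password verification to the next module.
    return DECLINED;
}

# Send a fresh Basic challenge and record why the request was refused.
sub deny {
    my ($r, $why) = @_;
    $r->note_basic_auth_failure;
    $r->log_reason($why, $r->uri);
    return AUTH_REQUIRED;
}

1;
```

The logged reason for each AUTH_REQUIRED makes it possible to tell a blank resend apart from a stale-file rejection when comparing how different browsers behave.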