----- Original Message -----
From: Pierre Phaneuf <[EMAIL PROTECTED]>
To: modperl <[EMAIL PROTECTED]>
Sent: Monday, March 05, 2001 9:29 AM
Subject: Re: Authentication handlers


> Cees Hek wrote:
>
> > So instead of storing a y/n in the database, store a unique string that is
> > used as the realm, and clear it when they log out.  Now every time you send
> > the Authentication required header, send the unique realm for this user
> > that you stored in the database, and if it doesn't exist, generate a new
> > one.
>
> Good one! The only bad thing I see is that the realm is visible in the
> dialog box the user sees, isn't it? Seeing a random string might be a bit
> unsettling for the user, but there is no technical reason for it not to
> work.
>
> --
> Pierre Phaneuf
> Systems Exorcist

Hi,
Are you guys sure about this? I just tried it out and it doesn't work for
Apache 1.3.12 (win32) on Win 98.
I visited a page in a 'basic authentication' protected directory, then
changed the name of the realm from 'htdocs access' to 'htdocs' but was still
able to access other pages in the same directory without being hit for
username and password. I tried hitting the back button and 'refreshing', and
I also visited another site in the interim. All to no avail.
Cheers,
Rob Gilmour
Visit our website at http://www.kalinabears.com.au
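
The server-side bookkeeping Cees Hek describes, as an added example that is not part of the original thread: a realm is minted per user, sent with every 401, and cleared at logout. It assumes the server answers 401 once whenever no realm is stored for the user, even if the password is correct; the dicts, the `login-` prefix and all function names are constructed for illustration.

```python
import base64
import hmac
import secrets

# Constructed sample data: dicts stand in for the user table and realm column.
PASSWORDS = {"alice": "correct horse"}
REALMS = {}  # user -> unique realm; no entry means "logged out"

def basic_header(user, password):
    """Build the Authorization header value a browser would send."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()

def parse_basic(header):
    """Return (user, password) from an Authorization header, or None."""
    if not header or not header.lower().startswith("basic "):
        return None
    try:
        decoded = base64.b64decode(header[6:].strip(), validate=True).decode()
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return None
    user, sep, password = decoded.partition(":")
    return (user, password) if sep else None

def challenge(user=None, mint=False):
    """401 with the user's stored realm; otherwise a fresh one, stored if mint."""
    realm = REALMS.get(user)
    if realm is None:
        realm = "login-" + secrets.token_hex(8)
        if mint:
            REALMS[user] = realm
    return 401, {"WWW-Authenticate": f'Basic realm="{realm}"'}

def handle_request(header):
    """Decide 200 or 401 for one request (assumed flow, see lead-in)."""
    creds = parse_basic(header)
    if creds is None:
        return challenge()
    user, password = creds
    expected = PASSWORDS.get(user)
    if expected is None or not hmac.compare_digest(password.encode(), expected.encode()):
        return challenge(user)  # wrong credentials never mint a realm
    if user not in REALMS:
        # Correct but possibly cached credentials after logout: force a prompt.
        return challenge(user, mint=True)
    return 200, {}

def logout(user):
    """Clear the stored realm so the next challenge carries a new one."""
    REALMS.pop(user, None)
```

This only makes the server issue a fresh challenge under a new realm; the password itself stays valid, so a client that resends the same header after that challenge is accepted.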
