> How i expected the ErrorDocument directive to behave was as
> follows: WHEN there was an error 401 (ie the user had logged in 3
> times and failed) there would be an error page shown (in this case
> it would be /error/401). But instead what seems to be happening as
> soon as a user goes to an authorisation required area they are just
> displayed the errordocument page right away without even being asked
> to login, forgive me if im wrong but this surely means the
> ErrorDocument handler is behaving in a non-standard way with
> mod-perl as opposed to using static pages as error urls. I have
> included the module, its only small and ive cut out some of the
> useless code to keep it short.
is your module calling
$r->note_basic_auth_failure
before it does a
return AUTH_REQUIRED;
?
$r->note_basic_auth_failure inserts the header WWW-Authenticate into the
header stream, which when combined with an error 401 signals a browser to
give a password prompt. The BROWSER SOFTWARE (*NOT* your webserver) will
prompt the user for a password, often 3 times but that's not required.
After that third time, the browser simply displays the 401 page that it's
been seeing *the whole time*, instead of prompting you for a password again.
Without that WWW-Authenticate header, the browser has no choice recourse
except to show the 401.
HTH!
L8r,
Rob
