> How i expected the ErrorDocument directive to behave was as > follows: WHEN there was an error 401 (ie the user had logged in 3 > times and failed) there would be an error page shown (in this case > it would be /error/401). But instead what seems to be happening as > soon as a user goes to an authorisation required area they are just > displayed the errordocument page right away without even being asked > to login, forgive me if im wrong but this surely means the > ErrorDocument handler is behaving in a non-standard way with > mod-perl as opposed to using static pages as error urls. I have > included the module, its only small and ive cut out some of the > useless code to keep it short.
is your module calling $r->note_basic_auth_failure before it does a return AUTH_REQUIRED; ? $r->note_basic_auth_failure inserts the header WWW-Authenticate into the header stream, which when combined with an error 401 signals a browser to give a password prompt. The BROWSER SOFTWARE (*NOT* your webserver) will prompt the user for a password, often 3 times but that's not required. After that third time, the browser simply displays the 401 page that it's been seeing *the whole time*, instead of prompting you for a password again. Without that WWW-Authenticate header, the browser has no choice recourse except to show the 401. HTH! L8r, Rob