>From: "Jean-Michel Hiver" <[EMAIL PROTECTED]>
>
> I *CANNOT* use cookies nor URIs for any kind of session tracking.
> Otherwise I don't think I would have posted this message to the list in
> the first place :-)
>
> I agree that HTTP Basic authentication is totally and uterly ugly, but I
> am going to have to stick with it no matter what... My problem is:
>
> How do I tell apache to set the $ENV{REMOTE_USER} variable if the
> browser sent the credentials, or leave $ENV{REMOTE_USER} undef
> otherwise, without sending a 401 back.
I didn't think a browser would send authentication unless the server
requested it for an authentication domain. How are you going to
get some people to send the credentials and some not unless you
use different URLs so the server knows when to request them?
Note that you don't have to embed session info here, just add
some element to the URL that serves as the point where you
request credentials and omit it for people that don't log in. Or
redirect to a different vhost that always requires authentication but
serves the same data.
Les Mikesell
[EMAIL PROTECTED]
