> On Mon, Jul 21, 2003 at 01:05:58AM +0200, Fatih Gey wrote:
> >
> > i was writing my own AuthHandler with modperl v2 (v1.99_09).
>
> [...]
>
> > After having entered user/pass via html-form, this authentification
> > does his job well, but on the following request (on same browser)
> > $obj->user doesnt seem to return any value.. so this handler tries
> > to compare http post data ( which arent present this time) with
> > userdata in mysql-table.. resulting in an Auth_Required error.
>
> Well, how do you suppose that the browser should know how and what
> credentials to send?
>
> Unless you (a) create a session-cookie, (b) encode a session-kei into
> each url or (c) use the simple but proper Basic Authentication scheme,
> there is no way to accomplish this. And from what I gather you are not
> doing any of that?
>
I supposed the browser to resend always an unique "bowser session id", which
is used by apache to save certain values, like $ENV{'REMOTE_USER'}
(similiar to a session-cookie with uid and serverbased $vars) ..
Isn't this the way Basic Authentication scheme works ? ..
