Ok. Cool. I'm seeing the subsequent calls. For some reason, I didn't think I was before.
O.k. So, here's what I'm up to. After the user is logged into a realm, when Safari and Chrome, try to call via ajax the page with a new user/password, but it seems apache is returning the previous authentication. What I'm trying to figure out is if the new user/password is indeed being sent. If so, I want to force a new authentication, but only if the user is logged in and the Require restrict user_name (particular user) is the user specified. I've already implemented the Require restrict. Now, I'm going to see if I can force reauthentication in this case. As you may remember, I modified mod_auth_digest to authenticate against mysql. If this works then I can get Rest Based Authentication to work for Safari and Chrome. I probably won't work tonight, so hopefully I'll know by tomorrow afternoon sometime. Rest Based Aunthentication already works for FF and IE. If Firefox, IE, Chrome and Safari work, then a few more may, too. Opera can not be logged in to with Ajax as far as I can tell, so Opera is out with this implementation, regretably. I'm hoping this works as a viable htaccess security option, at least for me. No one else seems to be interested other than the author of the webpage on Rest Based Authentication. Margaret Michele Waldman Sovereign Sites L.L.C. Website Development 646-861-3375 Rule your domain ... -----Original Message----- From: Michele Waldman [mailto:mmwald...@nyc.rr.com] Sent: Friday, April 10, 2009 7:26 PM To: modules-dev@httpd.apache.org Subject: RE: mod_auth_digest Reply. I put print statements in the mod_auth_digest file to see values. I didn't see subsequent call, but I forgot to check the timestamps. I'll look again. Thanks. Margaret Michele Waldman Sovereign Sites L.L.C. Website Development 646-861-3375 Rule your domain ... -----Original Message----- From: Ray Morris [mailto:supp...@bettercgi.com] Sent: Friday, April 10, 2009 7:06 PM To: modules-dev@httpd.apache.org Subject: Re: mod_auth_digest You won't see anything special on the Apache side, I don't think. I believe the only difference between the first authentication and subsequent requests is that the browser (hopefully) sends the user/pass with each request, so there is no need for Apache to return a 401, causing the clinet to pop up the authentication dialog and re-request the page with the authentication info the secodn time around. -- Ray B. Morris supp...@bettercgi.com Strongbox - The next generation in site security: http://www.bettercgi.com/strongbox/ Throttlebox - Intelligent Bandwidth Control http://www.bettercgi.com/throttlebox/ Strongbox / Throttlebox affiliate program: http://www.bettercgi.com/affiliates/user/register.php On 04/10/2009 04:33:23 PM, Michele Waldman wrote: > Does anyone know? > > After a browser calls a page authenticated with mod_auth_digest, what > function or hook is called the next time the page is accessed. > > I figure it has to authenticate each time, but it's probably using a > short > cut to reauthenticate. I want to intervene but I'm not sure what's > getting > called on subsequent page accesses. > > Thanks, > > Michele > >