[Fwd: Re: Auth - Auhtz module session?]

[Ward Loockx]

---BeginMessage---

John ORourke wrote:

Ward Loockx wrote:
I've written a ldap auth-authz module in mod_perl but when I give in 
wrong username/pass I need to close my browser in order to get the 
login screen again. When I try to refresh without closing I'm getting 
the following message wich is obvious



 Authorization Required


First make sure you're returning the right response code - eg. if the 
password is wrong but you return a 2xx or 3xx to the browser instead 
of 401, the browser will think it's fine and just keep using the same 
credentials.


Also get yourself a copy of the Web Developer's Toolbar for Firefox - 
it includes options to clear browser authentication, cache and cookies 
and lots of other very useful tools for mod_perl development.


cheers
John


I think i use the good error codes.

I use Const::HTTP_UNAUTHORIZED when it fails
and Const::OK when it's OK

---End Message---

Re: Auth - Auhtz module session?

[John ORourke]

Ward Loockx wrote:
I've written a ldap auth-authz module in mod_perl but when I give in 
wrong username/pass I need to close my browser in order to get the 
login screen again. When I try to refresh without closing I'm getting 
the following message wich is obvious



 Authorization Required


First make sure you're returning the right response code - eg. if the 
password is wrong but you return a 2xx or 3xx to the browser instead of 
401, the browser will think it's fine and just keep using the same 
credentials.


Also get yourself a copy of the Web Developer's Toolbar for Firefox - it 
includes options to clear browser authentication, cache and cookies and 
lots of other very useful tools for mod_perl development.


cheers
John