I have two domains, example1.com and example2.com, both served as virtual hosts
from my one Apache server. Digest authentication is required on both hosts,
using the same realm and htdigest file. Here's the configuration for
example1.com:
VirtualHost *:80
ServerName www.example1.com:80
AuthType Digest
AuthName example realm
AuthDigestDomain http://www.example1.com http://www.example2.com
AuthUserFile /path/to/htdigest
Require valid-user
/VirtualHost
The configuration for example2.com is identical. The two sites use the same
AuthUserFile and AuthName.
I have AuthDigestDomain there, because I want to avoid prompting the user twice
for their login credentials when they visit both of these sites. That's what
AuthDigestDomain is explicitly supposed to be for. And yet, in my experience so
far it doesn't work at all. When someone visits example1.com and then goes to
example2.com, they have to enter their same username and password again.
Looking around for an explanation of this, I found very little. The most I
could find was one comment
(http://stackoverflow.com/questions/357939/example-of-using-authtype-digest-to-authenticate-a-user-once-across-sub-domains/1978392#1978392)
claiming that Most browsers do not respect the Digest domain directive and
will not resend credentials for other URIs. As far as I know, Opera is the only
browser that honors it.
Can anyone comment on whether this is true? Is AuthDigestDomain essentially
useless, because most browsers won't honor it?
Thanks,
Andrew.
-
The official User-To-User support forum of the Apache HTTP Server Project.
See URL:http://httpd.apache.org/userslist.html for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
