> And how would users who have a different set of credentials they could > use for this second URL enter those credentials? The RFC specifies a 401 > response in this scenario to allow a UA to resubmit different > credentials. > > You might not care about the RFC, but Apache and browsers mostly do. The > behaviour you want goes against the behaviour described in the RFC, so > to get it you would need to have a custom authorization system.
Well, so I'm acknowledging there's no way to do what I want to do, but I'll respond to this anyway. Suppose somebody were to launch an FTP client and browse a remote site. If they attempt to access an area where they are denied access, they would get "access denied" and then they would know they got access denied with the current credentials. If they have another set of credentials, they will know they should reconnect with different credentials. If they're already authenticated and browsing along a website and try to access a restricted item, they don't get "access denied" they get "please enter your username/password" which is identical behavior as unauthenticated users. The users that I support generally think to themselves, "I thought I already did?" And they retry and retry until they finally conclude that isn't going to work. Each browser has a different way of allowing a user to re-authenticate with different credentials. Some have more than one way. So I acknowledge the world isn't perfect, you don't always get everything you want, but I do want you to acknowledge one thing, if you please: If a user is already authenticated, and they try to access something which is denied, then it is more useful to communicate to the user "Your current credentials were denied" and "You may now authenticate with different credentials if you wish" instead of giving them the "Please enter username/password" prompt which is identical to an unauthenticated user. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
