Apache removal of user's access rights

Apache removal of user's access rights

on 11.07.2008 23:47:53 by bokun

Hi.............

We're running Apache with ssl enabled..........We're using Basic
authentication, and if the user browses away from our site and then
comes back, they are not forced to log on again.......it appears that
these settings are being stored somewhere, or that the connection is not
being closed..........

If you have any suggestions on how to remedy this situation, it would
really be appreciated.

Thank you for your time............

Sincerely,

Beth E. Okun

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: Apache removal of user's access rights

on 12.07.2008 01:37:37 by Michael

Beth E. Okun wrote:
>
> We're running Apache with ssl enabled..........We're using Basic
> authentication, and if the user browses away from our site and then
> comes back, they are not forced to log on again.......it appears that
> these settings are being stored somewhere, or that the connection is not
> being closed..........

How about reading about how Basic Authentication works? Or maybe watch
the traffic with http://livehttpheaders.mozdev.org? Basically the
browser caches username/password once entered for an HTTP authc realm and
sends it in the header of every HTTP request. That's the problem with
HTTP basic authc.

Ciao, Michael.

Re: Apache removal of user's access rights

on 12.07.2008 10:01:40 by Gilles Cuesta

Michael Ströder wrote:
> Beth E. Okun wrote:
>>
>> We're running Apache with ssl enabled..........We're using Basic
>> authentication, and if the user browses away from our site and then
>> comes back, they are not forced to log on again.......it appears that
>> these settings are being stored somewhere, or that the connection is
>> not being closed..........
>
> How about to read about how Basic Authentication works? Or maybe watch
> the traffic with http://livehttpheaders.mozdev.org? Basically the
> browser caches username/password once entered for a HTTP authc realm
> and sends it in the header of every HTTP request. That's the problem
> with HTTP basic authc.
This is Apache related, not modssl related.

However, there are technical ways to reproduce an end of session, using
a secondary session_id, just like phpMyAdmin.
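
The secondary-session-id idea from the last reply, as an added example that is not code from the thread, Apache or phpMyAdmin: the server accepts cached Basic credentials only alongside a live server-side session, and answers 401 once when that session has ended so the browser prompts again. SessionGate, USERS, IDLE_TIMEOUT and basic_header are hypothetical names, and the session id is assumed to travel in a cookie.

```python
import base64
import hmac
import secrets

USERS = {"beth": "correct horse"}  # constructed sample account
IDLE_TIMEOUT = 900                 # seconds; assumed policy value


def basic_header(user, password):
    """Build the Authorization value a browser caches and resends."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()


class SessionGate:
    """Accept Basic credentials only alongside a live server-side session."""

    def __init__(self):
        self.sessions = {}  # sid -> last-seen time, or None once logged out

    def _valid_basic(self, header):
        try:
            scheme, blob = header.split(" ", 1)
            raw = base64.b64decode(blob, validate=True).decode()
        except (AttributeError, ValueError):
            return False  # missing or malformed header
        user, _, password = raw.partition(":")
        expected = USERS.get(user)
        return (scheme.lower() == "basic" and expected is not None
                and hmac.compare_digest(password.encode(), expected.encode()))

    def logout(self, sid):
        if sid in self.sessions:
            self.sessions[sid] = None  # ended; next request is challenged

    def handle(self, authorization, sid, now):
        """Return (status, new_sid_or_None); a 401 carries WWW-Authenticate."""
        if not self._valid_basic(authorization):
            return 401, None
        if sid in self.sessions:
            seen = self.sessions[sid]
            if seen is not None and now - seen <= IDLE_TIMEOUT:
                self.sessions[sid] = now  # live session: refresh and serve
                return 200, None
            del self.sessions[sid]  # ended or idle: reject the cached
            return 401, None        # credentials once so the browser re-prompts
        new_sid = secrets.token_urlsafe(16)  # fresh login: issue a session
        self.sessions[new_sid] = now
        return 200, new_sid
```

Requests sent in parallel while the old session id is being rejected would be treated as fresh logins, so a deployment has to tie the one-time challenge to the client more carefully than this sketch does.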