homepage Welcome to WebmasterWorld Guest from
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Visit PubCon.com
Home / Forums Index / WebmasterWorld / New To Web Development
Forum Library, Charter, Moderators: brotherhood of lan & mack

New To Web Development Forum

Apache password protect files, session?
Once a userid, passsed entered, how long in effect?

 12:36 am on Dec 10, 2008 (gmt 0)

Hi -

I am new to manipulating apache parameters on my hosted web site. I just established a passwd and userid for files within a directory.

After a user is correctly authorized and views file 1 - they would close that tab (I am using FF 3x) - and then they might go on and click on another link and view file 2. I had assumed initially that they would need re-authorization to view each file. But that is not the case.

FF does not show any cookies, session or otherwise for this site. The background is - a person clicks on a link from an html email and views the docs. Could the cookie be on the gmail's end and not on my web site's end.

Or does apache use another mechanmis. I need to be able to explain the process to users - so I need to understand what apache does.

Did I explain this clearly enough?




 12:59 am on Dec 10, 2008 (gmt 0)

Once you use and set the environment variables for Apache's basic authentication mechanism it typically holds true until the browser is closed. You can read more about Authentication, Authorization and Access Control [httpd.apache.org] in the Apache online documentation.


 2:22 am on Dec 10, 2008 (gmt 0)

Thank you. Actually I had read this doc prior to setting up .htaccess - however, after reading it again now - I see that the AuthName is the key. From the doc -

So, for example, once a client has authenticated in the "Restricted Files" area, it will automatically retry the same password for any area on the same server that is marked with the "Restricted Files" Realm. Therefore, you can prevent a user from being prompted more than once for a password by letting multiple restricted areas share the same realm.



 11:50 am on Dec 10, 2008 (gmt 0)

... and that userid and password are passed in plain text across the internet through your browser. Just a friendly reminder :-)


 9:22 pm on Dec 10, 2008 (gmt 0)

Yes - is the alternative to use SSL? I guess that wouldn't be AubhBasic.



 3:47 pm on Dec 11, 2008 (gmt 0)

It's recommended in the Introduction [httpd.apache.org]:


If your data really needs to be secure, consider using mod_ssl [httpd.apache.org] in addition to any authentication.

Global Options:
 top home search open messages active posts  

Home / Forums Index / WebmasterWorld / New To Web Development
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved