Forum Moderators: phranque
I've been looking around the apache code a little, but am very unfamiliar with it.
I'm looking to find out which apache c module determines whether or not to log a user in given new credentials.
I'm guessing the module would call the hooks to verify mod_auth_digest creditials before or after determining that the user should be logged in.
I found ap_add_common_variables which sets up the variables to write to the environmnet, but could not find the code that actually writes to the environment.
I was also logging at modules/http/http_reqest.c and thinking I might be in the right ballpark.
I simply want to either force a new login with new validated credential everytime (very expensive) or compare the logged in user name to the new credentials name and if different log the user in, even if the request is for a subdocument.
the creditials are validated for the ajax page access, but the new user is not logged in.
What do you man by "logged in"? No one is logged in at server side beyond the lifetime of a request. Either access is granted for a specific request or not. The state is not saved, it is lost at the end of the request.
The client remembers the credentials and sends them with the next request. Apparently the client does not use the credentials from the "ajax request" for a new "full" request but the old credentials from the last "full" request if the new full request does not send the (new) credentials from your previous "ajax request".
