Forum Moderators: phranque
I encountered this problem.
I have .htaccess file:
AuthType Basic
AuthName “RestrictedFilesmain”
AuthUserFile “d:\Program Files\Apache Group\Apache2\htdocs\main\conf\c.htpasswd”
ErrorDocument 401 “ERROR_ 441 Authorization Required”
ErrorDocument 403 “ERROR_ 403 Forbidden”
ErrorDocument 404 “ERROR_ 404 Not Found”
Require user loggeduser
Require user chris
and c.htpasswd file
loggeduser:10144831511059024327
chris:a2wssd
When I log in into the protected page for the first time I enter chris:a2wssd and I am allowed to enter the page. Next I change password in the c.httpasswd file into a2ws4ss. And I still have access to the page just using refresh button in my Firefox browser.
It looks like the Apache server didn’t notice that I have changed the password value in the mean time. What’s wrong? I need to stop immediately the access to the protected page by changing the password in the file.
Regards chris
Is the secured page served with proper cache-control headers?
If not, the browser may be showing you a previously-cached copy of the page, unless that page was served with proper HTTP cache-control headers (such as "Cache-Control: private, must-revalidate" or "Cache-Control: no-cache, must-revalidate"). If you need to check these headers, the "Live HTTP Headers" add-on for Firefox/Mozilla-based browsers is quite handy.
Also, I note several problems with character-code-translation in your post above. To minimize headaches, make sure that all characters in your Apache config files are U.S. ASCII/plain text or UTF-8, and not UTF-16 or anything else. Of particular concern is the space between "ERROR_" and "441" -- which should also be "401", I suspect...
Jim
