Apache password protect files, session?

Once a userid, passwd entered, how long in effect?

   
12:36 am on Dec 10, 2008 (gmt 0)




Hi -

I am new to manipulating apache parameters on my hosted web site. I just established a passwd and userid for files within a directory.

After a user is correctly authorized and views file 1 - they would close that tab (I am using FF 3x) - and then they might go on and click on another link and view file 2. I had assumed initially that they would need re-authorization to view each file. But that is not the case.

FF does not show any cookies, session or otherwise for this site. The background is - a person clicks on a link from an html email and views the docs. Could the cookie be on the gmail's end and not on my web site's end?

Or does apache use another mechanism? I need to be able to explain the process to users - so I need to understand what apache does.

Did I explain this clearly enough?

dp

12:59 am on Dec 10, 2008 (gmt 0)

WebmasterWorld Administrator coopster is a WebmasterWorld Top Contributor of All Time 10+ Year Member



Once you use and set the environment variables for Apache's basic authentication mechanism it typically holds true until the browser is closed. You can read more about Authentication, Authorization and Access Control [httpd.apache.org] in the Apache online documentation.

2:22 am on Dec 10, 2008 (gmt 0)




Thank you. Actually I had read this doc prior to setting up .htaccess - however, after reading it again now - I see that the AuthName is the key. From the doc -

So, for example, once a client has authenticated in the "Restricted Files" area, it will automatically retry the same password for any area on the same server that is marked with the "Restricted Files" Realm. Therefore, you can prevent a user from being prompted more than once for a password by letting multiple restricted areas share the same realm.

Thanks

11:50 am on Dec 10, 2008 (gmt 0)

WebmasterWorld Administrator coopster is a WebmasterWorld Top Contributor of All Time 10+ Year Member



... and that userid and password are passed in plain text across the internet through your browser. Just a friendly reminder :-)

9:22 pm on Dec 10, 2008 (gmt 0)




Yes - is the alternative to use SSL? I guess that wouldn't be AuthBasic.

deb

3:47 pm on Dec 11, 2008 (gmt 0)

WebmasterWorld Administrator coopster is a WebmasterWorld Top Contributor of All Time 10+ Year Member



It's recommended in the Introduction [httpd.apache.org]:

Note: If your data really needs to be secure, consider using mod_ssl [httpd.apache.org] in addition to any authentication.
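
The behaviour discussed in this thread, as an added example that is not part of any post or of Apache itself: a simplified Python model of a browser's in-memory Basic credential store keyed by host and realm (why file 2 opens without a prompt and no cookie appears), plus a decoder showing that the Authorization header is only base64. The class and function names, host name, paths and credentials are assumptions constructed for illustration.

```python
import base64
import re


class BasicAuthCache:
    """Simplified model of a browser's Basic auth memory: credentials are
    held in process memory per (host, realm) until exit. No cookie is set."""

    def __init__(self):
        self._creds = {}
        self.prompts = 0  # number of times the user saw a login dialog

    @staticmethod
    def realm_of(challenge):
        # Challenge as sent with a 401: Basic realm="Restricted Files"
        match = re.fullmatch(r'\s*Basic\s+realm="([^"]*)".*', challenge, re.I)
        if not match:
            raise ValueError("not a Basic challenge with a realm")
        return match.group(1)

    def authorization_for(self, host, challenge, ask_user):
        key = (host, self.realm_of(challenge))
        if key not in self._creds:  # only an unseen realm triggers a prompt
            self.prompts += 1
            self._creds[key] = ask_user()
        user, password = self._creds[key]
        token = base64.b64encode(f"{user}:{password}".encode()).decode()
        return "Basic " + token  # sent again on every request to the realm


def decode_basic(header_value):
    """Recover what the header carries; without TLS any hop can do this."""
    scheme, _, token = header_value.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic Authorization header")
    user, _, password = base64.b64decode(token).decode().partition(":")
    return user, password


if __name__ == "__main__":
    cache = BasicAuthCache()
    ask = lambda: ("alice", "s3cret")  # constructed credentials
    realm = 'Basic realm="Restricted Files"'  # AuthName from the quoted doc
    for path in ("/docs/file1.pdf", "/docs/file2.pdf"):  # constructed paths
        header = cache.authorization_for("docs.example.test", realm, ask)
        print(path, "->", header, "| prompts so far:", cache.prompts)
    print("decoded from the wire:", decode_basic(header))
```

Because the header travels with every request to the realm, serving the protected directory only over SSL is what keeps it from being read in transit.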