| View previous topic :: View next topic |
| Author |
Message |
cowboy
-
Joined: 31 Jan 2005
Posts: 2
|
 Posted: Mon Jan 31, 2005 4:16 pm Post subject: request password each visit |
 |
|
Hello, I am new to this forum and to Aprelium. I have my site up and running however, I would like my site to prompt for user name and password each time a user visits a specific page. I have access rules in place which will prompt for user name and password, but it only does this the first time someone visists. How can I make my server prompt for user name and password each and every visit?
Thank you! |
|
| Back to top |
  |
 |
Anonymoose
-
Joined: 09 Sep 2003
Posts: 2192
|
| Posted: Mon Jan 31, 2005 4:39 pm Post subject: |
|
|
Unfortunately, most browsers cache username/password credentials to last until the end of a browser session - ie when the user closes the browser, then next time they visit the site it will prompt them for the password again. This is in part due to the way the http protocol works - it is not a problem with Abyss...
If you want to prompt for username/password every single visit you will have to look at a session or cookie based access control method rather than using Abyss.
For more detailed info :
| Quote: |
Because the HTTP protocol is stateless, each request will be treated in the same way, even though they are from the same client. That is, every resource which is requested from the server will have to supply authentication credentials over again in order to receive the resource.
Fortunately, the browser takes care of the details here, so that you only have to type in your username and password one time per browser session - that is, you might have to type it in again the next time you open up your browser and visit the same web site.
Along with the 401 response, certain other information will be passed back to the client. In particular, it sends a name which is associated with the protected area of the web site. This is called the realm, or just the authentication name. The client browser caches the username and password that you supplied, and stores it along with the authentication realm, so that if other resources are requested from the same realm, the same username and password can be returned to authenticate that request without requiring the user to type them in again. This caching is usually just for the current browser session, but some browsers allow you to store them permanently, so that you never have to type in your password again.
|
This is actually taken from the Apache docs but the same holds true for Abyss. |
|
| Back to top |
|
|
k1ll3rdr4g0n
-
Joined: 04 Jul 2004
Posts: 609
|
| Posted: Mon Jan 31, 2005 5:15 pm Post subject: |
|
|
I think that they should implement a time-based auth (or a cookie). That way the user will only be loged in for X amount of seconds/minutes/hrs ect...
_________________
 |
|
| Back to top |
 |
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
