How to achieve single htpasswd login with Apache when using both SSL and non-SSL web pages in a site?

Bob Bell b_gnhlug at thebellsplace.com
Tue Jul 11 15:33:00 EDT 2006


On Tue, Jul 11, 2006 at 12:06:02PM -0400, Dan Coutu wrote:
>When entering the site Apache properly does it's login thing and 
>authenticates the user. The entry point is normally a non-SSL web page.  
>When the user goes to a page that uses SSL they are prompted a second 
>time, by Apache, to login!

Are you sure it's Apache asking them to log in?  HTTP Basic 
Authentication (what I believe you're using) actually happens with 
*every* page request.  The username and a (weakly) hashed password is 
sent every time you GET a page.  Perhaps it's the web browser that's 
keeping the credentials separate for HTTP and HTTPS?

-- 
Bob Bell



More information about the gnhlug-discuss mailing list