How to achieve single htpasswd login with Apache when using both SSL and non-SSL web pages in a site?
Bob Bell
b_gnhlug at thebellsplace.com
Tue Jul 11 15:33:00 EDT 2006
On Tue, Jul 11, 2006 at 12:06:02PM -0400, Dan Coutu wrote:
>When entering the site Apache properly does it's login thing and
>authenticates the user. The entry point is normally a non-SSL web page.
>When the user goes to a page that uses SSL they are prompted a second
>time, by Apache, to login!
Are you sure it's Apache asking them to log in? HTTP Basic
Authentication (what I believe you're using) actually happens with
*every* page request. The username and a (weakly) hashed password is
sent every time you GET a page. Perhaps it's the web browser that's
keeping the credentials separate for HTTP and HTTPS?
--
Bob Bell
More information about the gnhlug-discuss
mailing list