How to achieve single htpasswd login with Apache when using both SSL and non-SSL web pages in a site?
Ben Scott
dragonhawk at gmail.com
Tue Jul 11 18:37:00 EDT 2006
On 7/11/06, Dan Coutu <coutu at snowy-owl.com> wrote:
> Apparently the shift to/from SSL is considered by browsers to be a
> different realm.
Makes sense from a security perspective. Think about starting with
SSL and then downgrading to cleartext. Suddenly your HTTP
authentication credentials aren't secure anymore...
> Guess I'm stuck then. I know of no way to convince a web browser to
> change this particular behavior.
From what I've seen in use, I think you might be able to work around
this with HTTP cookies, and/or encoding some kind of session state in
the URL and/or a form submission. But I've never done it, myself.
-- Ben
More information about the gnhlug-discuss
mailing list