- raja agireddy wrote:
> Hello,I guess your modifications are the culprit, then :)
> I have implemented modperl2.0, Apache2.0 and AuthenSmb0.72. I have
> modified AuthenSmb to include timeout conditions.
> Everthing works fine, with an exception.
> When the user logs in first does any wrong thing with the password andhopefully you meant 401 and not 01 - get_basic_auth_pw should either return
> user entry the r->get_basic_auth_pw(...) returns 01.
OK (0) or an HTTP status code, such as 401.
> After the first time out also the r->get_basic_auth_pw(...) works fine.of course it does :) all that call does is glean the information from the
>>From the second timeout onwards if the user hits cancel the
> r->get_basic_auth_pw(...) returns 0 i.e successful.
Authorization header. so, timeout or not, once the user has authenticated
you'll get that Authorization header forever and ever, until the user closes
> I do not know why it is returning this way. This is the only exceptionif by "timeout" conditions you mean you try to invalidate a session that was
> condition when it returns the wrong status result. Please let me know
> if you know anything about this issue.
previously authenticated the problem is likely you don't understand how the
browser and httpd are interacting. fortunately for you, this topic was just
discussed on this very list very recently:
in short, you shouldn't be relying on get_basic_auth_pw() to do your
validation for you - it merely provides to you the user input so you can
authenticate them for yourself.