Loading ...
Sorry, an error occurred while loading the content.

Re: r->get_basic_auth_pw(...)

Expand Messages
  • Geoffrey Young
    ... I guess your modifications are the culprit, then :) ... hopefully you meant 401 and not 01 - get_basic_auth_pw should either return OK (0) or an HTTP
    Message 1 of 3 , Jun 30, 2005
    • 0 Attachment
      raja agireddy wrote:
      > Hello,
      >
      > I have implemented modperl2.0, Apache2.0 and AuthenSmb0.72. I have
      > modified AuthenSmb to include timeout conditions.
      >
      > Everthing works fine, with an exception.

      I guess your modifications are the culprit, then :)

      > When the user logs in first does any wrong thing with the password and
      > user entry the r->get_basic_auth_pw(...) returns 01.

      hopefully you meant 401 and not 01 - get_basic_auth_pw should either return
      OK (0) or an HTTP status code, such as 401.

      > After the first time out also the r->get_basic_auth_pw(...) works fine.
      >>From the second timeout onwards if the user hits cancel the
      > r->get_basic_auth_pw(...) returns 0 i.e successful.

      of course it does :) all that call does is glean the information from the
      Authorization header. so, timeout or not, once the user has authenticated
      you'll get that Authorization header forever and ever, until the user closes
      the browser.

      > I do not know why it is returning this way. This is the only exception
      > condition when it returns the wrong status result. Please let me know
      > if you know anything about this issue.

      if by "timeout" conditions you mean you try to invalidate a session that was
      previously authenticated the problem is likely you don't understand how the
      browser and httpd are interacting. fortunately for you, this topic was just
      discussed on this very list very recently:

      http://marc.theaimsgroup.com/?t=111945358200001&r=1&w=2

      in short, you shouldn't be relying on get_basic_auth_pw() to do your
      validation for you - it merely provides to you the user input so you can
      authenticate them for yourself.

      HTH

      --Geoff
    Your message has been successfully submitted and would be delivered to recipients shortly.