[In order for any reply to be added to the PR database, ] [you need to include <[EMAIL PROTECTED]> in the Cc line ] [and leave the subject line UNCHANGED. This is not done] [automatically because of the potential for mail loops. ] [If you do not include this Cc, your reply may be ig- ] [nored unless you are responding to an explicit request ] [from a developer. ] [Reply only with text; DO NOT SEND ATTACHMENTS! ]
Synopsis: module execution order State-Changed-From-To: open-closed State-Changed-By: marc State-Changed-When: Tue Sep 22 22:48:49 PDT 1998 State-Changed-Why: Authentication has to come first to avoid revealing private information. If someone restricts access to an area, they have restricted access to the area. You have to access that area to get "information" (in this case, a redirect), so you require auth. Say you were redirecting people to a ftp site with a login and password and you wanted to require authentication before you redirected them with that password. Sure, there are examples where it would be useful to do it the other way around but the basic concept that information should not be revealed from a trusted area to a user that shouldn't have access to that area. Documents are not the only form of information by any means. As for executing things "in the order they appear in htaccess files", this makes no sense and is completely unsupportable. It may sound nice, but if you actually think about how it would work it would be very ugly. Release-Changed-From-To: 1.x-1. x Release-Changed-By: marc Release-Changed-When: Tue Sep 22 22:48:49 PDT 1998
