> information. If someone restricts access to an area, they > have restricted access to the area. You have to access that > area to get "information" (in this case, a redirect), so > you require auth. > However, if redirect is carried out first, then the user may not even be in the authentication realm! Even if redirect is executed first, the authentication information would _still_ be carried out and one would not sacrifice any restricted information.
> As for executing things "in the order they appear in htaccess > files", this makes no sense and is completely unsupportable. > It may sound nice, but if you actually think about how it would > work it would be very ugly. > this would be the best of both worlds, solving both problems. True it might get ugly under the current way apache is done, but maybe for 2.0 it wouldn't be. Atleast suspend the report so the idea isn't lost?
