On Thu, Mar 19, 2009 at 04:36:42PM -0400, Jeff Trawick wrote: > Beyond the mod_authany question, why doesn't mod_ssl declare its check user > id hook really-first if it can generate the basic auth? (Let the extremely > limited number of modules which generate basic auth headers fight it out via > predecessor/successor lists.)
I doubt much thought has gone into it. Since, as you say, all the FakeBasic code needs to happen before the real check_user_id hooks run, I'd reckon it would make more sense to move it to e.g. the post_read_request hook (ssl_hook_ReadReq), rather than trying harder to win the hook ordering game? Regards, Joe
