I hope I'm posting to the right list and everyone hasn't already seen my posting.
As it works on my server, if a user is logged into htaccess and a webpage accesses another webpage via ajax using new credentials, the creditials are validated for the ajax page access, but the new user is not logged in. I've been looking around the apache code a little, but am very unfamiliar with it. I'm looking to find out which apache c module determines whether or not to log a user in given new credentials. I'm guessing the module would call the hooks to verify mod_auth_digest creditials before or after determining that the user should be logged in. I found ap_add_common_variables which sets up the variables to write to the environmnet, but could not find the code that actually writes to the environment. I was also looking at modules/http/http_request.c and thinking I might be in the right ballpark. But, I could use some help. I'm pressed for time to make this happen and I really need to do this to support browsers other than IE and FF. I simply want to either force a new login with new validated credential everytime (very expensive) or compare the logged in user name to the new credentials name and if different log the user in. Thank you. Michele
