On Wed, 21 Jun 2000, J. J. Horner wrote:
Hi,
> Okay,
>
> I'm working on a PerlAuthenHandler that returns AUTH_REQUIRED unless a
> file is less than a certain number of seconds old.
>
> I've noticed a problem:
>
> In Netscape (and probably IE), if a handler returns AUTH_REQUIRED, the
> user can just hit 'Ok' on the password dialogue without typing in a
> password and the browser will resend the original information again.
> If the password in cache is still valid, it will
> reauthenticate without prompting the user again. This can't be
> cool. I've found that I have to make sure that the $sent_pw in
>
> my ($res, $sent_pw) = $r->get_basic_auth_pw;
>
> isn't null or 0.
Maybe you should study cache-control (expires etc...) -> guide, this might
cause netscape to "forget" the cached copy, and requires (new) auth...
> Any ideas or comments?
Usefull ?
Bye,
Remco
/----------------------------------------------------------------------\
| Remco Schaar |
| e-mail: [EMAIL PROTECTED] |
\----------------------------------------------------------------------/
South Park meets Linux:
- "Oh my God, they killed init!"
- "You bastards!"
