> David wrote: > > My website is a https website using mod_ssl : > Apache/1.3.22 (Unix) (Red-Hat/Linux) mod_ssl/2.8.5 OpenSSL/0.9.6 > DAV/1.0.2 PHP/4.0.4pl1 mod_perl/1.24_01 > > This is what i have in my access.conf : > > <Directory /path/to/directory/secure> > AuthName https://name.of.my.website/secure > AuthType Basic > AuthUserFile /path/to/password/file > Require valid-user > </Directory> > > Here is the problem. When i click a link to a page in the directory, > i come up with my login screen popup. If i type the right > username/password pair, it will display the page, if i dont, it comes > up with a 403 error-forbidden. This is all fine. However, i was > extremely surprised to realise that if i fail the connection to > receive the 403 error, i can click the back button in the browser, > then the forward button, and get the page...even tho i still havent > even authenticated yet!!! I am assuming that I am doing something > stupid, but i cant seem to guess what that might be.
Are you sure it does this on a first-time login with a clean browser, before you *ever* authenticate? Remember that if you login even once, your browser will cache the username/password and use it automatically for any subsequent requests in the protected realm (that is how you only have to authenticate once and can navigated about in a protected realm)> Rgds, Owen Boyle. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
