Lol. I'm using the proper syntax on the server. Just checked.
-Original Message-
From: Eric Covener [mailto:cove...@gmail.com]
Sent: Thursday, February 12, 2009 2:49 PM
To: modules-dev@httpd.apache.org
Subject: Re: Making mod_auth_digest mysql
On Thu, Feb 12, 2009 at 2:25 PM, Michele
On Thu, Feb 12, 2009 at 3:27 PM, Michele Waldman mmwald...@nyc.rr.com wrote:
RewriteCond ${REMOTE_USER} . does not seem to work when the REMOTE_USER is
not defined. The statement evaluates to true.
What happens when you use the proper syntax, %{REMOTE_USER}?
Lol. I'm using the proper
Basically, when I user is logged out, %{REMOTE_USER} is not defined. It
seems any rewritecode using an undefined server environment variable always
evaluates to true. I don't want this. I want false if not defined. I'm
going to hack apache, if I have to.
Michele
-Original Message-
On Thu, Feb 12, 2009 at 3:44 PM, Michele Waldman mmwald...@nyc.rr.com wrote:
Basically, when I user is logged out, %{REMOTE_USER} is not defined. It
seems any rewritecode using an undefined server environment variable always
evaluates to true. I don't want this. I want false if not defined.
On Thu, Feb 12, 2009 at 3:49 PM, Michele Waldman mmwald...@nyc.rr.com wrote:
I'm doing this:
RewriteEngine On
RewriteCond %{REMOTE_USER} .
RewriteRule ^.*$ - [S=1]
RewriteRule ^.*$ http://domain/logged_out.html?%{N} [R]
AuthType Digest
AuthName account
AuthUserFile /path/.htpasswd
Michele Waldman wrote:
I'm doing this:
RewriteEngine On
RewriteCond %{REMOTE_USER} .
RewriteRule ^.*$ - [S=1]
RewriteRule ^.*$ http://domain/logged_out.html?%{N} [R]
AuthType Digest
AuthName account
AuthUserFile /path/.htpasswd
Require valid-user
1) The user is logged in.
2) The user logs
There is not authentication requirement for logged_out it's in a higher
directory.
-Original Message-
From: Joe Lewis [mailto:j...@joe-lewis.com]
Sent: Thursday, February 12, 2009 4:46 PM
To: modules-dev@httpd.apache.org
Subject: Re: Making mod_auth_digest mysql
Michele Waldman wrote:
Michele Waldman wrote:
There is not authentication requirement for logged_out it's in a higher
directory.
Okay, then. I'm afraid I am not understanding everything here. I doubt
the wheel needs to be reimplemented, but it seems the push is in that
direction. For my feeble mind, can you
It is different that just authenticating.
Due to an htaccess authentication implementation, it requires a work around
to prevent those pesky popups the browsers produce.
I'm trying to do a spin on this:
http://www.berenddeboer.net/rest/authentication.html
Implementing the mod_auth_digest
Michele Waldman wrote:
All the actual authentication if fine. I wouldn't rely on cookies for
security. It sounds like cookies would be a fake security.
I was thinking about creating a logout cookie.
Then, the popup would only happen if the user hacked their cookies.
Shame on them.
But it
10 matches
Mail list logo
