Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations derfloh on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Apache-AuthCookie logout issue

Status
Not open for further replies.
Visitor

Visitor

MIS
Nov 23, 1999
151
US
I'm using Apache-AuthCookie for authentication. When I access a protected document, i get a login screen which does proper authentication. But when I click on logout, I expect it to delete the session cookie it set. So when I login again, I expect it to ask me for username/password but it allows me access to the protected document.
Please let me know if there's anything I'm missing in the logout process. I'd appreciate any help on this matter.


 
Sort by date Sort by votes
"Apache::AuthCookie allows you to intercept a user's first unauthenticated access to a protected document. The user will be presented with a custom form where they can enter authentication credentials. The credentials are posted to the server where AuthCookie verifies them and returns a session key.

The session key is returned to the user's browser as a cookie. As a cookie, the browser will pass the session key on every **subsequent accesses**. AuthCookie will verify the session key and re-authenticate the user."

----> Thats what its supposed to do.


Try this instead...



Creating a “members-only” section of your website...
- we will create a membersonly folder within the DocumentRoot à / and give the Apache user and group access to it
- modify the httpd.conf file to create a new alias called /membersonly/…

Alias /membersonly/ “/
- add the following directives to httpd.conf…

<Location /membersonly/>
AuthName “Members-Only Access”
AuthType Basic
AuthUserFile / require valid-user
</Location>

- AuthName creates a label that is displayed by the web browsers to the users. AuthType is always set to Basic because HTTP only supports Basic authentication by default.
- use the htpasswd utility to create the password file as below. The -c option is used to create the file and should be used just once. Make sure that only the Apache user can view the contents of this file and that the permissions on the file are 750.

/usr/local/apache/bin/htpasswd -c / chris

- use the htpasswd utility (without the -c) to create additional users afterwards



Let us know if that works out any better for you.



ChrisP

------------------------------------------------------------------------------
If somebody helps you, please vote for them for &quot;Tipmaster of the Week&quot; by giving them a &quot;purple star&quot;. This can be done by clicking the &quot;Mark this post as a helpful/expert post&quot; button.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

AbidingDude
  • Locked
  • Question
Newbie Apache Cache Question
Replies
5
Views
410
AbidingDude
AbidingDude
spamjim
  • Locked
  • Question
Sorting out NTFS filesystem issues
Replies
0
Views
240
spamjim
spamjim
daniel.warner
  • Locked
  • Question
Desperately need help setting up wildcard certs on Apache/Tomcat
Replies
2
Views
267
daniel.warner
daniel.warner
Frank DBA
  • Locked
  • Question
Apache XForwardedFor Header
Replies
1
Views
190
RhythmAce
RhythmAce
johngiggs
  • Locked
  • Question
Apache RewriteRule or RewriteCond
Replies
4
Views
231
feherke
feherke

Part and Inventory Search

Sponsor

Back
Top