mod_radius, apache2 and the auth cookie.
Palmer J.D.F.
J.D.F.Palmer at swansea.ac.uk
Tue Aug 2 10:55:41 CEST 2005
Hi,
> Was was pointed out, you'll get authentication dialogs for every gif
> & jpg on the page. This is a BAD idea.
The gifs etc are located in an unprotected directory, surely this prevents
from having to re-authenticate for each?
>
> > If I get a failed login, then try to login again it just uses cached
> > credentials and doesn't prompt for details, if I close and re-open the
> > browser it does then allow me to enter details.
>
> Then your browser is broken.
Firefox and Opera are also broken in that case. :-(
A bit of a dig around reveals this from the Apache site, which implies that
all browsers cache the credentials.
http://httpd.apache.org/docs/howto/auth.html#basicfaq
Thanks,
Jezz Palmer.
More information about the Freeradius-Users
mailing list