raja agireddy wrote: > Hello, > > I have implemented modperl2.0, Apache2.0 and AuthenSmb0.72. I have > modified AuthenSmb to include timeout conditions. > > Everthing works fine, with an exception.
I guess your modifications are the culprit, then :) > When the user logs in first does any wrong thing with the password and > user entry the r->get_basic_auth_pw(...) returns 01. hopefully you meant 401 and not 01 - get_basic_auth_pw should either return OK (0) or an HTTP status code, such as 401. > After the first time out also the r->get_basic_auth_pw(...) works fine. >>From the second timeout onwards if the user hits cancel the > r->get_basic_auth_pw(...) returns 0 i.e successful. of course it does :) all that call does is glean the information from the Authorization header. so, timeout or not, once the user has authenticated you'll get that Authorization header forever and ever, until the user closes the browser. > I do not know why it is returning this way. This is the only exception > condition when it returns the wrong status result. Please let me know > if you know anything about this issue. if by "timeout" conditions you mean you try to invalidate a session that was previously authenticated the problem is likely you don't understand how the browser and httpd are interacting. fortunately for you, this topic was just discussed on this very list very recently: http://marc.theaimsgroup.com/?t=111945358200001&r=1&w=2 in short, you shouldn't be relying on get_basic_auth_pw() to do your validation for you - it merely provides to you the user input so you can authenticate them for yourself. HTH --Geoff
