You wouldn't believe the problems I've had with
AccessHandlers...
Although saying that I was trying to do a set_handlers
for the contentphase... which was being completely
ignored by apache...
I'll have a think about it... But the idea is to make
the authentication be completely invisible to the
users page request.. so if their login times out, and
they've just submitted a post to a message board, we
want to preserve their post throughout the
authentication and then when they're authenticated,
have the post occur and the user never have the
authentication process appear in their browser
history...
Marty
--- John ORourke <[EMAIL PROTECTED]> wrote:
> My fault guys, not looking up the numbers - Martin
> is your admin
> complaining about too many FORBIDDENs or REDIRECTs?
>
> The only thing I can add is that I'd recommend not
> using the
> authentication pages/handler to redirect - make
> yourself an Access phase
> (eg. "if no valid cookie, redirect to HTTPS login
> page with appropriate
> parameters").
>
> John
>
>
> Perrin Harkins wrote:
>
> >On Thu, 2005-11-10 at 17:19 +0000, Martin Moss
> wrote:
> >
> >
> >>So an Authen Handler can return a REDIRECT?
> >>
> >>I use a 403 custom repsonse which is a self
> submitting
> >>page (with non javascript handling)... By doing so
> it
> >>prevent's any of the authentication pages
> appearing in
> >>IE's back button on the browser...
> >>
> >>
>
>
___________________________________________________________
Yahoo! Messenger - NEW crystal clear PC to PC calling worldwide with voicemail
http://uk.messenger.yahoo.com
