Hello,

> On 02 Mar 2016, at 21:26, A. Warnier <a...@ice-sa.com> wrote:
> 
>> $o_Req->note_basic_auth_failure();
>> $o_Req->headers_out->set('WWW-Authenticate' => "Basic");
>> $o_Req->headers_out->set('Realm' => "Login");
> 
> I believe that the above is supposed to be a single HTTP header, not 2 :
> 
> WWW-Authenticate: Basic realm="Login”

This makes no difference for my problem.

> Another thing : above, you call your code "program".  At what stage of the 
> Apache request cycle are you calling this code ? is this a Response handler, 
> a PerlAuthenHandler, a cgi-bin script ?

This code snippet is part of a PerlResponseHandle. I cannot use it as part of a 
PerlAuthenHandler. When I would run it as a PerlAuthenHandler the user would 
always need to enter a password. This is my scenario:

I am programming a CMS with on demand publishing. If a user requests a URL it 
is unknown at the time of calling if the requested resource is public or if it 
is protected via a password. If my program decides that a password is required 
I would like to answer with a 401 response forcing the browser to ask a 
password. I can send the 401 response, but the browser never opens the dialog 
box for requesting a password.

Best regards

Matthias Schmitt

Reply via email to