Eric,
I'm not sure I understand your last comment. Isn't a "Directory" a
"protected space" ?
For the sake of completeness here is my full config (I hope this doesn't
make my post too long):
ServerAdmin webmaster@localhost
DocumentRoot /opt/webroot/public/doc
ErrorLog ${APACHE_LOG_DIR}/https_err
Thx for the quick reply ... and my apologies for the incomplete setup
(copy-paste typo)
I do have in fact an authentication requirement via "Require valid-user"
(as a point proving that, when the first time I try to access the script I
am redirected to the login page)
I think I know what is happen
I'm not sure why your initial redirect works, but it looks like the
mod_auth_form config seems to be in the wrong scope.
It should be attached to the protected space, not a config section
representing the form itself.
On Sun, Jun 5, 2022 at 6:18 AM Eric Covener wrote:
>
> It looks to me like you
It looks to me like you don't actually have an authentication requirement,
so when your session expires it doesn't trigger a redirect to your login
form. Try protecting the cgi or some larger scope with e.g. 'require
valid-user'
On Sun, Jun 5, 2022, 6:00 AM Thomas Fazekas
wrote:
> Dear all,
>
>
Dear all,
either I misunderstood how the SessionMaxAge setting is supposed to work or
I made a fundamental mistake in my setup, but, in a nutshell, it seems that
the users can access the form protected (form_auth) folder even after the
session has expired.
I have the following related setup :
