On 2/13/06, Frederick, Fabian <[EMAIL PROTECTED]> wrote: > This method works but I'd like to avoid access _only_ without > authentification : > http://site returns 401 with www-auth > > ... But I'm surprised http://user:[EMAIL PROTECTED] works in 2 phases : > > 1.Server returns 401 (why?) > 2.Account is logged; server returns 302 > > How can I recognize http://site from the second http://user:[EMAIL PROTECTED] > ? Is it possible from cgi to check complete url ?
The http://user:[EMAIL PROTECTED] thing is completely non-standard and doesn't work at all in most browsers, as far as I know. So how it works in your particular case would depend on the browser's actions, not the servers. Obviously your browser is not sending the credentials until after it receives a 401, which is the standard way to do things in general, but is a little strange given that the browser knows the credentials. Joshua. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]