On 2/13/06, Frederick, Fabian <[EMAIL PROTECTED]> wrote:
> This method works but I'd like to avoid access _only_ without 
> authentification :
> http://site returns 401 with www-auth
>
> ... But I'm surprised http://user:[EMAIL PROTECTED] works in 2 phases :
>
>         1.Server returns 401 (why?)
>         2.Account is logged; server returns 302
>
> How can I recognize http://site from the second http://user:[EMAIL PROTECTED] 
> ? Is it possible from cgi to check complete url ?

The http://user:[EMAIL PROTECTED] thing is completely non-standard and
doesn't work at all in most browsers, as far as I know.  So how it
works in your particular case would depend on the browser's actions,
not the servers.  Obviously your browser is not sending the
credentials until after it receives a 401, which is the standard way
to do things in general, but is a little strange given that the
browser knows the credentials.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to