> I understand that I could force the users to use an https URL instead of an > http URL, but that seems like it would be overkill. If that is the only > solution to this issue, then we would really want the user to authenticate > over https, but then fall back to http for all of the rest of the > communications to the web server so as not to incur the inherent performance > penalty of https. Any hints on how to do that effectively/efficiently would > be welcome in that case.
You can't do this with basic authentication, because your browser only prompts you once but transmits the password every subsequent protected page. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
