list at joreybump.com
Thu Oct 28 12:26:39 EDT 2004
Lukas Trejtnar wrote: > The first solution by Jorey Bump doesn't pass the first > authentification. It keeps asking for a username and a password forever > (newsession == 1 -> return apache.HTTP_UNAUTHORISED). Or did I miss > something? I think we both did. Your session handling code should appear in the section that handles successful authentication. Then you need to perform the *authorization* step by checking the validity of the session. If that test fails, you return apache.HTTP_UNAUTHORIZED (in addition to returning it where authentication fails): if passwd == "spam" and user == "eggs": session handling/tests here if passed: return apache.OK else: return apache.HTTP_UNAUTHORIZED else: return apache.HTTP_UNAUTHORIZED Again, this is untested, and I'm no sessions guru. If I get a chance to work up any usable code, I'll post it.