[mod_python] Re: Controlling authentication at run-time

Benjamin Niemann b.niemann at betternet.de
Wed May 19 18:02:02 EDT 2004

Diener, Edward wrote:
> If Apache authentication is setup for files in a document directory 
> through directives in an .htaccess file, once the user has entered their 
> user name and password and is allowed access to the file, they are no 
> longer prompted each subsequent time as long as their session is active. 
> Is there a way to control this at run-time so that the user will be 
> prompted for their user name and password in subsequent access to the 
> file, using mod_python ?
As others have already mentioned, it's the browser that remembers the 
login data - until the browser is closed. There is *NO* way to tell the 
browser to forget this (except for serving a page that triggers a 
browser crash ;)
Something I could think of is: if you want to reauthenticate the user, 
supply a different authentication realm (AuthName in apache.conf). E.g. 
add a random number... But then you have to handle HTTP authentication 
yourself, you can't use .htaccess files, as these are static.
I *think* this should trigger reauthentication, but I never tried it before.

More information about the Mod_python mailing list