Very Computer

-- I've a password caching problem with Internet Explorer. My customer
has a server running beyond the CGI (Netscape Server on Digital Unix)
who uses Basic HTTP Authentication (based on login/password).

If we access the service with Netscape Navigator, it asks for the
login/password ONLY ONCE (i.e. Netscape Navigator does some password
caching and re-send the same authentication token for all requested
URLs).

If we use Internet Explorer, it keeps on asking for login/password ON
EVERY PAGE (sometimes several times for a single page, it it refers to
inlined images...). Internet Explorer seems to be less clever in its
"password caching" (it does some caching, hovewer, but it's not enough
for this particular application).

Did anyone have seen such a problem before ?
Is there a way to FORCE the browser (Internet Explorer) to use the same
login/password as the previous one ? E.g. using Java, ActiveX, etc... ?
Can we improve the password caching techniques of Internet Explorer ?

Please reply by e-mail directly...
                                                       \|/

---------------------------------------------------oOO-(_)-OOo----------
   Emmanuel "W4" KARTMANN          "W4 ? Weaving the World Wide Web !"

------------------------------------------------------------------------

Michael.

These views and comments are not those of my company.

    ^^
      it's not a login BTW, it's authentication

Chris> I would like to have my server (Apache 1.1.1) force
Chris> the browser to prompt for the username & password

How do you know it's a browser?

Chris> EVERY time it accesses certain directories.  The
Chris> problem I see is that Netscape seems to 'cache' this
Chris> info & replay it.

You cannot force user agents to do things.

--
Tony Curtis, Systems Manager,               European Centre for Parallel
                                            Computing, Vienna
http://www.vcpc.univie.ac.at/%7Etc/

Quote:>Chris> EVERY time it accesses certain directories.  The
>Chris> problem I see is that Netscape seems to 'cache' this
>Chris> info & replay it.

>You cannot force user agents to do things.

 For each page that you want passwords entered immediately before
accessing create an access authentication page that accepts the
account name and password then goes off to run a cgi script.

In the script, authenticate the username and password, then drop the
accessed data into a template, and spew the whole thing back as html.
The received html won't have the name of the file the data came from
so the user can't get that data directly by entering the file name,
only by correctly entering the username/password on the entry page.

For an example of how this works, visit http://www.match.com and see
their "enter as member" page.  All of the data'd pages that are
subsequently served up have names like matches.tpl, they are template
pages that are filled in with data, the data files aren't accessable
and the cgi script fills in the data per authentication...  They only
authenticate the user once per session, but there isn't any reason it
couldn't be required for each page if your security reasons require
it.