Apache doesn't, your browser does.Quote:> I was wondering: if http is stateless, how does apache know not to
> authenticate again?
It doesn't. Apache insists on receiving the password with every
request. However, you browser is smart enough to know that once it
authenticates once, it should continue to send the password without
prompting for resources in the same "realm" (Apache: AuthName).
Joshua> It doesn't. Apache insists on receiving the password with every
Joshua> request. However, you browser is smart enough to know that once it
Joshua> authenticates once, it should continue to send the password without
Joshua> prompting for resources in the same "realm" (Apache: AuthName).
Beware though. Recent versions of IE *preemptively* send cached
basicauth to *any* URL from the same server, without regard for a
realm name, because they don't wait to be told it's protected. Watch
your logs and you'll see very few 401 hits, when in fact you should be
getting one 401 then one 200 for every protected page.
Bad IE. *bad* IE. (As if I had to point that out.)
Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
Perl/Unix/security consulting, Technical writing, Comedy, etc. etc.
See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl training!
Thank you for all the replies. Still, I can't find out a good solution
to solve my problem. Maybe I should describe the problem more clearly...
Actually, I'm setting the precmd alias in my shell such that whenever
I'm using xterm, the title bar can display the current directory. Even I
rlogin to other machines, since I'm still using xterm, the title bar
should still display the new current dir in the remote machine. But the
problem is, if I'm just sitting in front of a PC or what so ever and
using telnet to connect to a machine, the precmd alias setting will
print the currect dir at the prompt since there is no title bar for it
I've tried by checking $DISPLAY and $TERM, or use xdpyinfo, but none of
them work at all. So, any other methods suggested?