Ian Bicking: the old part of his blog

Re: Fixing Apache Authentication


Can you not simply redirect to a common login url if a login is required. If the login is ok then it could redirect you back to the original page.

Comment on Fixing Apache Authentication
by DaveW


I could, but that means Apache authentication wouldn't work right (since it always throws a 401). I added something to add another mod_python directive that indicates if a location is protected, and redirect if it is and the user isn't logged in; that does work, but doesn't feel right to me. Also, I would like for there to be a single protocol for requiring authentication, and 401 kind of is that protocol. Though I suppose I could add something like a special environmental variable, and make applications redirect to the URL given in that variable if they require login.

There might also be a handler that I'm missing that could rewrite the status of the response.

# Ian Bicking