DeveloperSide.NET Forums
July 09, 2020, 10:59:08 AM *
Welcome, Guest. Please login or register.

Login with username, password and session length
   Home   Help Search Login Register  
Pages: [1]
Author Topic: Have to login twice. Once for http and once for https.  (Read 6212 times)
0 Members and 1 Guest are viewing this topic.
Posts: 24

View Profile
« on: November 11, 2007, 05:02:18 PM »

I am encountering something that was not happening with Apache 1.3. Users have to login twice.

Not sure what is different.

I have set up my vhosts in the same manner with the DevSide package. Basically, I have the same directories specified in my http and https vhost containers. This way, the directories can be accessed via http and https. Some directories are authenticated and some are not. Here is an exaple of an authenticated directory:

<Directory "x:/root/">
AuthType Basic
AuthUserFile "C:/www/auth/.htpasswd"
AuthGroupFile "C:/www/auth/.htgroup"
Require group admin

Basically, users have to login twice if they try to access a page (in an authenticated directory) via http. At the top of the page, I have a php redirect to force https login. Here is the code:

if($_SERVER["HTTPS"] != "on") {
$newurl "https://" $_SERVER["SERVER_NAME"] . $_SERVER["REQUEST_URI"];
header("Location: $newurl");

If the user accesses the page via https to begin with, they only need to login once.

Maybe there is a better way to force https logins?

I use the php code because most of my pages that require authentication are not located in an authenticated directory. Those pages are protected and authenticated via a php script and the php code above works just fine on those pages.

So I guess I have two questions.
1. Why are two logins required with the DevSide package and not with Apache 1.3?
2. I have several authenticated directories.  Is there a better way to redirect or force https authentications?
« Last Edit: November 11, 2007, 05:09:29 PM by jeffshead » Logged
Master of All Subjects
Posts: 3272

View Profile WWW Email
« Reply #1 on: November 11, 2007, 05:14:33 PM »

Try placing that directory block for authentication outside of any virtual host. The virtual hosts for 80 [http] and [443] are two different VHs regardless if the domain name is the same.

Advanced PHP and MySQL Solutions for your Web Design and Development needs with Web.Developer Server Suite.
Pages: [1]
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.9 | SMF © 2006-2009, Simple Machines LLC Valid XHTML 1.0! Valid CSS!