DeveloperSide.NET Forums
July 09, 2020, 10:59:08 AM *
Welcome, Guest. Please login or register.

Login with username, password and session length
News:
 
   Home   Help Search Login Register  
Pages: [1]
  Print  
Author Topic: Have to login twice. Once for http and once for https.  (Read 6212 times)
0 Members and 1 Guest are viewing this topic.
jeffshead
Member
*
Posts: 24



View Profile
« on: November 11, 2007, 05:02:18 PM »

I am encountering something that was not happening with Apache 1.3. Users have to login twice.

Not sure what is different.

I have set up my vhosts in the same manner with the DevSide package. Basically, I have the same directories specified in my http and https vhost containers. This way, the directories can be accessed via http and https. Some directories are authenticated and some are not. Here is an exaple of an authenticated directory:

Code:
<Directory "x:/root/mysite.com/privatestuff">
AuthType Basic
AuthName mysite.com
AuthUserFile "C:/www/auth/.htpasswd"
AuthGroupFile "C:/www/auth/.htgroup"
Require group admin
</Directory>

Basically, users have to login twice if they try to access a page (in an authenticated directory) via http. At the top of the page, I have a php redirect to force https login. Here is the code:

Code:
<?php
if($_SERVER["HTTPS"] != "on") {
$newurl "https://" $_SERVER["SERVER_NAME"] . $_SERVER["REQUEST_URI"];
header("Location: $newurl");
exit();
}
?>

If the user accesses the page via https to begin with, they only need to login once.

Maybe there is a better way to force https logins?

I use the php code because most of my pages that require authentication are not located in an authenticated directory. Those pages are protected and authenticated via a php script and the php code above works just fine on those pages.

So I guess I have two questions.
1. Why are two logins required with the DevSide package and not with Apache 1.3?
2. I have several authenticated directories.  Is there a better way to redirect or force https authentications?
« Last Edit: November 11, 2007, 05:09:29 PM by jeffshead » Logged
admin
Administrator
Master of All Subjects
*****
Posts: 3272


View Profile WWW Email
« Reply #1 on: November 11, 2007, 05:14:33 PM »

Try placing that directory block for authentication outside of any virtual host. The virtual hosts for 80 [http] and [443] are two different VHs regardless if the domain name is the same.
Logged

DeveloperSide.NET
Advanced PHP and MySQL Solutions for your Web Design and Development needs with Web.Developer Server Suite.
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.9 | SMF © 2006-2009, Simple Machines LLC Valid XHTML 1.0! Valid CSS!