[freeside] Not prompted again for login at freeside internal server after first time. it just lets me in.......
Gerald V. Livingston II
gerald.freeside at sysmatrix.net
Mon Mar 21 11:37:57 PST 2005
On Mon, 21 Mar 2005 12:00:59 -0600 Clyde Swann wrote:
> For sure I thought along the lines you described. I can come back the
> next day after closing the browser and still get let in without a log in
> prompt. I also know the only true way to logout of a site is to close
> the browse, even if the site has a logout button.
> The odd thing is I can change the auth name file from htpasswd to
> mapsecrets, and back to htpasswd, reboot Apache, enter freeside and get
> the one prompt again to login. Just rebooting Apache with changes does
> nothing.
> Thanks for your reply! I will go through the mailing list archives
> again. Maybe something I miss.
There's got to be some data caching going on in there somewhere. Are you
going through a proxy to reach the Freeside machine? If yes, can you
temporarily set up a browser machine on the same subnet as the freeside
machine and add it to your HOSTS file so you can reach it directly without
the proxy to see if it exhibits the same behavior?
Restarting Apache without changing the auth filename most likely leaves all
the fingerprint info the same so the proxy wouldn't try to reload it.
Changing the filename around must change timestamps on something that
causes the proxy to reload the data.
This sounds like a proxy misconfiguration where the proxy is caching https
data and it shouldn't.
Gerald
More information about the freeside-users
mailing list