0

I see most examples using it with form-based authentication (i.e. we load the mod_auth_form.so and other session modules). Is it possible to use this session timeout along with basic authentication (i.e. we load mod_auth_basic.so ) ?

Also, I know that the mod_session was introduced only after apache2.3, so this would definitely not be supported in apache2.2 I am fine even if it works just for apache 2.4.

Crusaderpyro
  • 2,163
  • 5
  • 29
  • 53

1 Answers1

0

It's not implemented in any other auth modules, but it's also unnecessary. Most other auth modules use HTTP basic auth, where the credentials are seamlessly transmitted on every subsequent request to the same host+context root.

But mod_auth_form needs to do a one-time capture/prompt/validate that cannot be propagated on every request. Hence the need to put them in a session store.

covener
  • 17,402
  • 2
  • 31
  • 45