User Login too persistent?
skor - January 11, 2007 - 21:44
| Project: | Webserver authentication |
| Version: | 4.7.x-1.x-dev |
| Component: | Miscellaneous |
| Category: | support request |
| Priority: | normal |
| Assigned: | Unassigned |
| Status: | closed |
Jump to:
Description
Not sure if my problem is with my NTLM authentication or with the webserver_auth module, but here goes:
My config:
- Apache 2 on CentOS
- Using Apache2::AuthenNTLM as described here.
- Fresh 4.7.5 Drupal install with webserver_auth module
What works:
- When a user attempts to loads a page, the apache server first prompts them for login credentials, authenticates them with the domain contoller, and attempts to serve the page.
- Then Drupal calls webserver_auth_init, and checks their webserver login status, sees they are logged in, and logs the user into drupal (registering a new user, if necessary)
- Each subsequent page load seems to call webserver_auth_init, and since the user is logged into drupal, the page is served.
My problem:
- Suppose that user #1 closes their browser, terminating the apache ntlm session.
- If user #2 opens the browser on that compter and goes to the drupal site, apache will prompt them for their userid & password, authenticate them with the domain contoller, and let drupal serve the page.
- But when drupal calls webserver_auth_init, it thinks that user #1 is still logged into drupal and allows user #2 to browse the site logged in as user #1
Do I need to do something to get drupal to retrieve the user info from apache for each page load?
#1
In case anyone comes accross a similar problem, I found a solution here.
Thanks tclineks
#2