Apache Cookbook: Solutions and Examples for Apache Administrators

Problem

You want to be able to provide credentials that will allow visitors into your site only once.

Solution

No solution is available with standard Apache features.

Discussion

As described in HTTP, Browsers, and Credentials, the concept of being "logged in" to a site is an illusion. In order to achieve the desired one-time-only effect, the server needs to complete the following steps:

  1. Note the first time the user successfully presents valid credentials.

  2. Somehow, associate that fact with the user's "session."

  3. Never allow those credentials to succeed again if the session information is different from the first time they succeeded.

The last step is not a simple task, and it isn't a capability provided in the standard Apache distribution. To complicate matters, you would also want to start a timeout once the credentials have succeeded, so that a user cannot authenticate once, leave the browser session open for days, and retain access.

Fulfilling this need would require a custom solution. Unfortunately, we are not aware of any open or public modules that provide this capability; however, search the module registry, and keep watching it, for possible third-party implementations.
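The decision logic such a custom solution would have to carry out, covering the three steps and the timeout, is shown here as an added example; it is not code from the book or from any Apache module. The class name, the 900-second timeout, and the idea that the handler receives a session identifier (for instance from a cookie it set itself) are assumptions.

```python
import hashlib
import hmac
import os
import time

SESSION_TTL = 900  # assumed timeout in seconds; the recipe names no value


class OneTimeCredentials:
    """In-memory store (hypothetical); a real handler needs shared, persistent state."""

    def __init__(self, ttl=SESSION_TTL, clock=time.time):
        self.ttl = ttl
        self.clock = clock
        self.users = {}  # user -> salt, digest, bound session, time of first use

    @staticmethod
    def _digest(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def issue(self, user, password):
        """Register a fresh single-use credential for user."""
        salt = os.urandom(16)
        self.users[user] = {"salt": salt, "digest": self._digest(password, salt),
                            "session": None, "first_use": None}

    def check(self, user, password, session_id):
        """Return True if this request may proceed."""
        rec = self.users.get(user)
        if rec is None:
            return False
        supplied = self._digest(password, rec["salt"])
        if not hmac.compare_digest(rec["digest"], supplied):
            return False
        now = self.clock()
        if rec["session"] is None:
            # Steps 1 and 2: note the first success and bind it to this session.
            rec["session"], rec["first_use"] = session_id, now
            return True
        # Step 3: the credentials succeed again only for the same session...
        if not hmac.compare_digest(rec["session"].encode(), session_id.encode()):
            return False
        # ...and only until the timeout started at first use has run out.
        return now - rec["first_use"] < self.ttl
```

Because the binding lives in process memory here, it would not survive a restart or be visible to other server processes; a deployed handler would keep it in a shared store.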

See Also

  • Recipe 6.3

  • http://modules.apache.org/
