Link to home
Create AccountLog in
Avatar of willa666
willa666Flag for United States of America

asked on

authentication shared between 2 web servers

i have a requirement to sercure a website for a customer.

they have 2 apache web servers and i used mod_auth to do basic auth3entication on each webserver.

but i have an issue, where the users request is passed from one webserver to another, and this means that the end user has to0 authenticate twice.

So how can i have the authentication session mantained between both webservers.
Avatar of jimmlegs
jimmlegs
Flag of United States of America image

Impossible. You cannot pass sessions between servers not to mention 2 SSL certs are required for the solution.
Avatar of giltjr
Actually it is possible.  It has been asked and answered here on EE, but for some reason I can't find it.  IIRC instead of using mod_auth, you use mod_auth_digest and using the AuthDigestDomain directive.

   http://httpd.apache.org/docs/2.0/mod/mod_auth_digest.html

I am still searching on EE to make sure that I remember correctly.
ASKER CERTIFIED SOLUTION
Avatar of giltjr
giltjr
Flag of United States of America image

Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
Good to know. Really nice feature.