• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 271
  • Last Modified:

How to configure the access password lifetime in Apache?

With the Apache web server, the access to a particular directory can be password protected by placing a suitable .htaccess file in the dir.

That works OK for me, but the password is only requested once per browser session. Well, I'm dealing with sensitive data and I'm paranoid about it too.
Can the the timeout for re-requiring the password be configured? Could the lifetime even be zero, so that a password is required every time the URL is accessed?
1 Solution
That's unfortunately one of the limitations of basic .htaccess - the clients are literally authorized until their web browsers close.

For true security, you will want to do something more sophisticated.  Here's a nice example:

PhazzAuthor Commented:
Thanks! Man, that's complex indeed.

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now