David Anderson wrote:
> Thomas Beale wrote:
>
>> I can't work out apache's logic in determining whether to challenge
>> for a password (does it consider the access-control settings first?)
>> when one is not needed, and then allows you in after you refuse to
>> give it - twice! Very strange.
>
>
> Such strange behaviour is often due to the client browser that gets
> confused by changing configurations on the server side. Does purging the
> auth cache and restarting the browser (to purge any session cache), or
> accessing the repository from a "clean" browser solve your anonymous
> problems? That would be my best bet, I've had both firefox and IE behave
> very strangely when I was configuring access control for my site, due to
> client confusion.
>
> - Dave.
If anyone is interested, I discovered the fix for this. It just happened
that the pages for which an authentication challenge occurred, when it
shouldn't have (access control is set to * = r) were .htm pages which
contained _two_ references to a style-sheet file that did not exist; the
authorisation logic (not sure how much done by apache and the svn authz
module) possibly decided that since the file did not exist that "Satisfy
Any" did not work, and it had to authenticate - twice. Hitting cancel
twice allowed the user in. Removing the wrong .css references fixed the
problem completely. What was deceiving is that there was no indication
that the authentication request was due to a file missing, and that it
was being made in a repository with anonymous read access. I still don't
understand the logic...
- thomas beale
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Wed Jul 27 17:15:47 2005