I have a really dumb question, which has little to do with FreeBSD, and is really more about Apache and how the HTTP protocol is implemented.
I have a web site (served via https) which requires a username/login password for security. No problem, it's configured in the httpd-ssl.conf file, works great. I'm copying the stanza below for your amusement. Once the user has logged in, they can follow links within the directory tree being served securely. The only drawback is this: the "authentication" is good for a limited period; it seems to last typically 12 to 24 hours.
Is there a way I can adjust it so once a user has logged in, they can continue using this area for a very long time, like a month or so? The number of people who have that username/password combination is very small, and they are highly trusted. It leads to a general question: Where is the "authentication state" actually stored? Does the server send a cookie to the browser which the browser then presents on follow-up requests? Does the server store the IP address or some similar identity of the client? How does authenticated HTTP actually work?
Code:
<Directory /home/www/secure>
    AuthUserFile /home/www/secure/.htpasswd
    AuthGroupFile /dev/null
    AuthName "LindaRalphJohn: by permission only"
    AuthType Basic
    Require valid-user
</Directory>