Password protection behaves differently across browsers (using htaccess)
Right, here's the thing: I'm trying to password protect some files in a specific folder. All files are images so I decided to "tag" the ones I want to protect by adding "p_" (for "private") at the beginning of each file. Here's the htaccess:
<FilesMatch "^[pP]_.*">
AuthUserFile /path/to/.htpasswd
AuthGroupFile /dev/null
AuthType Basic
AuthName "Password required"
Require valid-user
</FilesMatch>
The result, on this side, differs from one browser to another:
- Firefox: asks for password once and works fine
- Chrome (latest version): prompts with the authentication box again and again when a valid password is entered
- IE8: asks for password every time it comes across a "tagged" file
You guys can test: http://pierre-albiero.com/ip/es/top/imagenes login:test
Am I missing a line in htaccess or got the regex wrong?
Do you have the same result on your side?
Comments (1)
This behavior is indeed largely dependent on the browser. The webserver uses an HTTP header flag to indicate that the accessed content is protected. The browser can then submit a login and password to authenticate with the webserver.
But as HTTP is stateless (as soon as the site is transmitted, the client closes the connection and the webserver doesn't recognize the client anymore) the browser has to send the authentication information every time it wants to download the specific data.
So to make it comfortable for the user, many browsers cache the authentication information for the website, so that you don't have to enter it for every single item again and again. When Chrome asks repeatedly, there may be a setting that prevents caching of those passwords, or it is a bug in your version of Chrome.
(Wikipedia has a nice example of what happens in the communication: http://en.wikipedia.org/wiki/Basic_access_authentication )
I tested it here also with Opera. When I entered a password I could access the images repeatedly without entering the password again. Then I deleted the cache and reloaded the website -> Opera asks for the password again.
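The exchange described in the answer above, as an added Python model that is not part of the original post or of Apache's own code: it applies the question's `FilesMatch` pattern and `AuthName` realm to each request independently, which is why the browser must resend (and therefore cache) the credentials. The function names, the `USERS` table standing in for `.htpasswd`, and the password and request paths are constructed for illustration.

```python
import base64
import hmac
import posixpath
import re

PROTECTED = re.compile(r"^[pP]_.*")   # same pattern as the FilesMatch block
REALM = "Password required"           # same value as AuthName
USERS = {"test": "s3cret-example"}    # constructed stand-in for .htpasswd (real files hold hashes)

def check_credentials(header):
    """Return True if an Authorization header carries valid Basic credentials."""
    if not header or not header.startswith("Basic "):
        return False
    try:
        decoded = base64.b64decode(header[6:], validate=True).decode("utf-8")
    except ValueError:                # covers bad base64 and bad UTF-8
        return False
    user, _, password = decoded.partition(":")
    expected = USERS.get(user)
    # Constant-time comparison avoids leaking how many characters matched.
    return expected is not None and hmac.compare_digest(password.encode(), expected.encode())

def respond(path, headers):
    """Decide status and headers for ONE request; nothing is remembered between calls."""
    name = posixpath.basename(path)   # FilesMatch tests the file name, not the directory
    if not PROTECTED.match(name):
        return 200, {}
    if check_credentials(headers.get("Authorization")):
        return 200, {}
    # The "header flag" from the answer: the challenge that opens the browser's login box.
    return 401, {"WWW-Authenticate": 'Basic realm="%s"' % REALM}

def basic_header(user, password):
    """What the browser sends with every request: base64 encoding, not encryption."""
    token = base64.b64encode(("%s:%s" % (user, password)).encode()).decode()
    return "Basic " + token

if __name__ == "__main__":
    auth = {"Authorization": basic_header("test", "s3cret-example")}
    requests = [("/gallery/logo.jpg", {}), ("/gallery/p_1.jpg", {}),
                ("/gallery/p_1.jpg", auth), ("/gallery/P_2.jpg", {})]
    for path, hdrs in requests:       # constructed request sequence
        print(path, "with credentials" if hdrs else "no credentials", respond(path, hdrs))
```

Because the header is only base64-encoded, anyone who can read the traffic recovers the password, so a setup like this should be served over HTTPS.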