My home web server is running the stock OSX Apache 2 install. I have some directories with content that I want to secure, so I setup htaccess files for those areas. However, I find it annoying to have to login to those areas as frequently as I do. Once I'm logged in I'd like to not have to login again for a long time, similar to setting a long time in a cookie. But, I'd like to increase the life time of the authenticated session with htaccess.
I've googled but haven't found what I'm looking for, maybe because I'm looking for the wrong term. I want to configure the 'session length', 'session timeout', 'time limit', or 'expiration' for users authenticated via htaccess. Any thoughts?
Best Answer
Sorry, but pure apache/HTTP authentication gives you no control regarding the browser. After first authentication, your server cannot instruct the browser to logout or timeout, because HTTP authentication doesn't work with session/cookies etc. and the browser will continuously send authentication credentials. To logout you should close the browser.
So, in other words, you cannot do that only from apache.
Regards