auth_digest_expires does not seem to work
Opened this issue · 1 comments
ninakka commented
I am using nginx 1.21.3 and installed it from source compiling it with this module.
The authentication works in that it asks the user for username and password. But I do not see the expiry happening. I am able to access the website without login a long time after. I am using these settings.
auth_digest_timeout 60s; # allow users to wait 1 minute between receiving the
# challenge and hitting send in the browser dialog box
auth_digest_expires 10s; # after a successful challenge/response, let the client
# continue to use the same nonce for additional requests
# for 10 seconds before generating a new challenge
auth_digest_replays 2; # also generate a new challenge if the client uses the
# same nonce more than 20 times before the expire time limit
erikdubbelboer commented
Did you check the headers being sent? It's probably your browser caching the password and automatically authenticating again.