Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
I've set Force authentication to Never, because I don't want any of my users to ever see the password dialog.
However, I'd like to be able to log in using the http://userid:password@example.com/path syntax. This works if I force authentication, but it has no effect otherwise.
I understand this used to be the purpose of the HTTP Authentication module, which was merged into Secure Site, so I'm marking this as a bug rather than a feature request.
Am I missing something?
Comments
Comment #1
salvisI'm seeing some weird behavior: I'm trying to use WinHTTrack to capture a static copy of my site. The site has a public part and some forums that are protected by node access.
WinHTTrack supports logging in using the http://userid:password@example.com/path syntax and it does capture the public part of the site as user userid! However, it receives 403 errors as soon as it tries to follow a link to a protected forum.
Apparently, WinHTTrack creates a new userid session for every request, because the Who's Online block shows a couple hundred of them after WinHTTrack has run, and the captured pages show the logged in state. (I haven't been able to create a userid session by typing http://userid:password@example.com/ syntax into Firefox myself though.) However, WinHTTrack fails to establish a userid session for protected paths!
I'm really puzzled why it works on the public paths but not on the protected ones.
BTW, I do have my own 403 page and would like to keep it.
Is there a way to programmatically test whether the user is supplying userid:password?
Comment #2
ekes CreditAttribution: ekes commented"haven't been able to create a userid session by typing http://userid:password@example.com/ syntax into Firefox myself though." It seems that Firefox doesn't try http auth unless it's required. I can login with userid:password with Opera, but not Firefox (or Thunderbird) if it's not forced for example.