Question

On the configure script screen it says:

# TWiki::Client::TemplateLogin - Redirect to the login template, which asks for a username and password in a form. Does not cache the ID in the browser, so requires client sessions to work.

# TWiki::Client::ApacheLogin - Redirect to an '...auth' script for which Apache can be configured to ask for authorization information. Does not require client sessions, but works best with them enabled.

So it seems that I need to have sessions on... even though on http://twiki.org/cgi-bin/view/TWiki/TWikiUserAuthentication

it says: "Firstly, the most secure method is without doubt to use the webserver authentication support, with Sessions turned off."

How can I use TWiki::Client::ApacheLogin \and turn sessions off? Or is that not possible?

Thanks, Steve

Environment

-- StevenColbert - 26 Jul 2006

Answer

If you answer a question - or someone answered one of your questions - please remember to edit the page and set the status to answered. The status selector is below the edit box.

You should turn sessions ON. TWiki works best that way. In fact I have never made TWiki work properly without. There is nothing unsafe with sessions in practical. Just remember to have the feature enabled that links a session to an IP address as extra safety.

-- KennethLavrsen - 26 Jul 2006

Thanks Kenneth - maybe I need to review the docs again and propse the wording get changed to save confusion... I really appreciate your help.

-- StevenColbert - 26 Jul 2006