[kronolith] Kronolith / sabredav: No basic authentication headers found

[Jan Schneider]

Zitat von lst_hoe02 at kwsoft.de:

> Zitat von Jan Schneider <jan at horde.org>:
>
>> Zitat von lst_hoe02 at kwsoft.de:
>>
>>> Zitat von lst_hoe02 at kwsoft.de:
>>>
>>>> Hello,
>>>>
>>>> we use Horde/Kronolith for CalDAV calender access from multiple  
>>>> clients. In a network trace we can see that Horde refuses CalDAV  
>>>> access with cookies set with Sabre DAV Exception and "No basic  
>>>> authentication headers found". This lead to  
>>>> http://tuxd00d.com/blog/sabredav-no-basic-authentication-headers-were-found/ but the problem is said to occur only with CGI/FastCGI which we don't use. We have Ubuntu 12.04 with Apache and PHP5 as module with the latest Horde/Kronolith and all other is working fine. Any idea how to debug/solve  
>>>> this?
>>>>
>>>> Thanks
>>>>
>>>> Andreas
>>>
>>> Hm, found this in horde/.htaccess
>>>
>>> # IMPORTANT: DO NOT EDIT THIS FILE!
>>> # It will be overwritten with any future upgrade.
>>>
>>> allow from all
>>>
>>> <IfModule mod_rewrite.c>
>>>   RewriteEngine On
>>>   RewriteRule .* - [env=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
>>>   RewriteCond   %{REQUEST_FILENAME}  !-d
>>>   RewriteCond   %{REQUEST_FILENAME}  !-f
>>>   RewriteRule ^(.*)$ rampage.php [QSA,L]
>>> </IfModule>
>>>
>>>
>>> so the missing header should not be the problem, no?
>>>
>>> Ayn idea how to solve this? We have slow access because of  
>>> additional round trips and hundreds of unused sessions on the  
>>> server because of constant re-authentication.
>>
>> And *are* the headers actually missing, i.e. can those client not  
>> authenticate at all?
>>
>
> In fact they can authenticate, but they have to authenticate at  
> every request because the cookie ist not accepted. So we have a  
> constant re-authentication without session reuse :-(

This is how CalDAV works. Or almost any REST API based on HTTP authentication.

-- 
Jan Schneider
The Horde Project
http://www.horde.org/
https://www.facebook.com/hordeproject