I'm not really understand your problem. What do you mean with "the browser still persists with the username and password"? Does it mean that you send these credentials with every request to the web server?
What we do is this: If the browser makes a request without a cookie or with wrong cookie, the server sends a http 401 response and the user gets a login dialog, after checking the credentials on the server side the server sends a cookie. All subsequent requests will carry the cookie, the browser does this for you. And the server checks at every request if the cookie is valid. If the user press the logout button the server sends a cookie as a response with a cookie expiration of 0 or an expiration date in the past. The built in 4D sessions work the same way AFAIK. Regards Lutz -- Lutz Epperlein ---------------------------------------------- Agendo Gesellschaft für politische Planung mbH Köpenicker Str. 9 10997 Berlin http://www.agendo.de/ ---------------------------------------------- ********************************************************************** 4D Internet Users Group (4D iNUG) Archive: http://lists.4d.com/archives.html Options: https://lists.4d.com/mailman/options/4d_tech Unsub: mailto:[email protected] **********************************************************************
