Once a browser has been authenticated to a site it will continue to send the
same credentials over and over (in the HTTP headers) until the web server
responds with a "401 Unauthorized" response. So, bearing that in mind, you
need to have the web server stop accepting the credentials and send a 401
(either by the server itself or the 401 can come from a CGI or such). For
example:
- User accesses restricted page
- Server checks credentials
- Server sends 401 response
- Browser opens local login dialog
- User enters credentials
- Browser sends credentials with next HTTP request
- Server sends back non-401 response
- Browsers stores credentials and sends for each additional request
The browser will send these login credentials for every subsequent HTTP
request. Now, we want the user to log out. The click on a logout button
and some process on the server side cancels the login credentials.
- Browser sends credentials with next HTTP request
- Server sends back 401 response
- Browsers erases credentials and opens local login dialog
HTH,
Howie Hamlin - inFusion Project Manager
On-Line Data Solutions, Inc.
www.CoolFusion.com
631-737-4668 x101
inFusion Mail Server (iMS) - the World's most configurable mail server
----- Original Message -----
From: "Helge Hetland" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Saturday, August 26, 2000 4:53 AM
Subject: OT: Basic Authentication: Logging off
> We have a large site using Basic Authentication to log on the users to the
> system.
>
> When the user is logged in we use the Remote_User variable to authenticate
> the user to our DB and give him the content that he is "entitled to".
>
> We (of course) need to enable this user to logoff the recource (and maybe
> log in as another user), the only way now is to ask the user to shutdown
his
> browser and log in again.
>
> Is there any way to force a logoff to the users browser so that the
browser
> doesn't have to be restarted each time he wants to login as another user?
>
>
> Thanks,
> Helge
> --------------------------------------------------------------------------
----
> Archives: http://www.mail-archive.com/[email protected]/
> To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or
send a message to [EMAIL PROTECTED] with 'unsubscribe' in
the body.
------------------------------------------------------------------------------
Archives: http://www.mail-archive.com/[email protected]/
To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or send a
message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
