Say a user is logged in as "howieh" at the following URL

http://www.somesite.com/securecontent/

Then you present a "log out" button which directs them to

http://www.somesite.com/logout/logout.cfm

and the CF template returns a 401 header (or do it with Perl if CF is
unable to return this type of header).  The user is presented with a
login dialog in his browser.  If he hits 'Cancel' or otherwise fails to
log in as someone else, is he still logged in as 'howieh'?  If he went
back to the original, secured directory

http://www.somesite.com/securecontent/

would the browser still pass the necessary credentials?

Are the login credentials that the browser 'remembers' based on the base
URL?  If a logged in user went to

http://somesite.com/securecontent/

would the browser automatically validate the user?

Or what about

http://www.somesite.com/MOREsecurecontent/


Jim


-----Original Message-----
From: Howie Hamlin <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: Saturday, August 26, 2000 10:41 AM
Subject: Re: Basic Authentication: Logging off


>The browser will continue to send the same credentials until it is
>restarted or receives an "Unauthorized" response from the server.
>
>Regards,
>
>Howie
>
>----- Original Message -----
>From: "Jim McAtee" <[EMAIL PROTECTED]>
>To: <[EMAIL PROTECTED]>
>Sent: Saturday, August 26, 2000 12:34 PM
>Subject: Re: Basic Authentication: Logging off
>
>
>> Sounds as though you're saying that once a browser receives a 401
>> response, it will no longer send the previously used credentials.  Now,
>> say the user "logs off", but fails to log in as someone else.  Would the
>> browser send the original, valid credentials if the user goes back (in
>> the same browser session) to a URL where it had previously been
>> authorized?
>>
>> Jim
>>
>
>
>------------------------------------------------------------------------------
>Archives: http://www.mail-archive.com/[email protected]/
>To Unsubscribe visit
>http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk
>or send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
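
Added example, not part of the original thread: a small JavaScript model of the Basic credential scoping described in RFC 7617 section 2.2 (protection space = scheme, host, port and realm; preemptive sending by path prefix), applied to the URLs asked about above. The realm name "Secure" and all class and function names are assumptions; real browsers may cache differently, and the model does not cover what a cancelled login prompt does.

```javascript
// Model of a client-side Basic auth cache following RFC 7617 section 2.2.
// Illustration only: not taken from any browser's source.
class BasicAuthCache {
  constructor() { this.entries = []; }

  // Record credentials after a request to `url` was accepted for `realm`.
  remember(url, realm, user) {
    const u = new URL(url);
    // Authentication scope: the path with everything after the last "/" removed.
    const scope = u.pathname.slice(0, u.pathname.lastIndexOf('/') + 1);
    this.entries.push({ origin: u.origin, realm, scope, user });
  }

  // Would the client attach Authorization before seeing any challenge?
  // Only for the same scheme/host/port and a path that prefix-matches the scope.
  preemptive(url) {
    const u = new URL(url);
    const hit = this.entries.find(
      e => e.origin === u.origin && u.pathname.startsWith(e.scope));
    return hit ? hit.user : null;
  }

  // After a 401 challenge naming `realm`, is there a cached credential for
  // the same protection space (origin + realm) to retry without prompting?
  onChallenge(url, realm) {
    const origin = new URL(url).origin;
    const hit = this.entries.find(e => e.origin === origin && e.realm === realm);
    return hit ? hit.user : null;
  }
}

// The URLs from the thread; "Secure" is a constructed realm name.
function threadUrls() {
  const cache = new BasicAuthCache();
  cache.remember('http://www.somesite.com/securecontent/', 'Secure', 'howieh');
  const more = 'http://www.somesite.com/MOREsecurecontent/';
  const bare = 'http://somesite.com/securecontent/';
  return {
    sameDirectory: cache.preemptive('http://www.somesite.com/securecontent/a.cfm'),
    logoutPage: cache.preemptive('http://www.somesite.com/logout/logout.cfm'),
    bareHostPreemptive: cache.preemptive(bare),
    bareHostSameRealm: cache.onChallenge(bare, 'Secure'),
    morePreemptive: cache.preemptive(more),
    moreSameRealm: cache.onChallenge(more, 'Secure'),
    moreOtherRealm: cache.onChallenge(more, 'Other'),
  };
}
```

In this model a different host name is a different protection space even when the realm matches, while a sibling directory on the same host reuses the credentials only if the server challenges with the same realm.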
