On 5/2/06 4:39 AM, "Michael Lackhoff" <[EMAIL PROTECTED]> wrote:
> Hello,
>
> I followed the advice from this list and wrote mod_perl
> authentification- and authorization handlers to move this task from my
> application to apache.
> But now I have the problem that for this kind of authentification there
> is no 'logout' functionallity. How do others handle this problem?
> The best I could come up with was a tweak to the authentification
> handler that gives back an 401 error to everyone for the location
> /myapp/logout and then write my own error document for this location
> saying "Logout successful" or something like that. But still the user
> gets the pop up box from the browser to reauthentificate. Any better
> ideas?
I typically have something like a "teaser" page that isn't protected that
includes stuff like messages, usage stats, overview, etc. On that page,
there can be a spot for the user information, if the user is logged in. If
the user is not logged in, that can be replaced by a link to login (or the
first "real" page of the app). When someone logs out, redirect back to your
"teaser" page. Since this page is "outside" your app (while it could be a
runmode), the user will not get any request for reauthentication.
Sean
---------------------------------------------------------------------
Web Archive: http://www.mail-archive.com/[email protected]/
http://marc.theaimsgroup.com/?l=cgiapp&r=1&w=2
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
