On 2 May 2006 at 6:36, Sean Davis wrote:

> I typically have something like a "teaser" page that isn't protected that
> includes stuff like messages, usage stats, overview, etc. On that page,
> there can be a spot for the user information, if the user is logged in. If
> the user is not logged in, that can be replaced by a link to login (or the
> first "real" page of the app). When someone logs out, redirect back to your
> "teaser" page. Since this page is "outside" your app (while it could be a
> runmode), the user will not get any request for reauthentication.

That's right, but then the user is not really logged off; that is, if the user goes again from the teaser page to one of the protected pages, the browser will happily send the credentials. This is especially bad when the application is run in public places, but even in an office environment a colleague might run protected pages in the name of someone else unless he closes the browser.

Or did I miss something? How is your "when someone logs out" done, to make the browser really forget the credentials without a re-login popup?

Cheers,
Michael
