On 11/17/06, Dave Pawson <[EMAIL PROTECTED]> wrote:
On 17/11/06, Piyush Purang <[EMAIL PROTECTED]> wrote:
> Hi Dave,
>
> I think if you use HTTP basic authentication (as the tutorial example
> uses) the only way to prompt for authentication again is if the user
> accesses a resource in another realm (where he hasn't already been
> authenticated once) or to close and start the browser again.

I found
http://www.restlet.org/docs/api/org/restlet/data/CookieSetting.html#setMaxAge(int)
which is cookie based.

How the authentication relates to cookies I'm not sure.

Lots of sites put authentication credentials (of various sorts) into
cookies.  I.e., "remember me" cookies.

I just thought it reasonable to be able to stop a user
after they have logged in (security reasons)
or to state that login is valid for n seconds (as with cookies?)

Indeed.

Another use case is the so-called "double" login.  I.e., the user logs
in and can do a base set of activities but if they want to do anything
"sensitive"/"dangerous"/etc. they have to authenticate themselves
again to be able to perform those operations.

Have fun,
John
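
Added example, not part of the original messages and not Restlet code: one way a server can enforce both ideas from this thread, "login is valid for n seconds" and the "double" login for sensitive operations, without relying on the browser honouring a cookie's max age. The class name `SessionPolicy`, the `user|timestamp|mac` cookie layout, the two time windows and the demo key are all assumptions made for the illustration.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;

public class SessionPolicy {
    // Hypothetical policy values chosen for this example.
    static final long LOGIN_VALID_SECONDS = 1800;  // "login is valid for n seconds"
    static final long REAUTH_WINDOW_SECONDS = 300; // freshness required for sensitive operations
    private final byte[] key;
    SessionPolicy(byte[] key) { this.key = key; }

    // Cookie value: user|authenticatedAtEpochSeconds|base64url(HMAC-SHA256 of the first two fields).
    String issue(String user, long now) throws Exception {
        String payload = user + "|" + now;
        return payload + "|" + sign(payload);
    }

    // Returns the user if the cookie is authentic and young enough, otherwise null.
    // sensitive=true applies the shorter window, so the caller must prompt for login again.
    String check(String cookie, long now, boolean sensitive) throws Exception {
        int cut = cookie.lastIndexOf('|');
        if (cut < 0) return null;
        String payload = cookie.substring(0, cut);
        byte[] expected = sign(payload).getBytes(StandardCharsets.US_ASCII);
        byte[] presented = cookie.substring(cut + 1).getBytes(StandardCharsets.US_ASCII);
        if (!MessageDigest.isEqual(expected, presented)) return null; // constant-time compare
        String[] parts = payload.split("\\|");
        if (parts.length != 2) return null;
        long age = now - Long.parseLong(parts[1]); // safe: payload was MAC-verified above
        long limit = sensitive ? REAUTH_WINDOW_SECONDS : LOGIN_VALID_SECONDS;
        return (age >= 0 && age <= limit) ? parts[0] : null;
    }

    private String sign(String payload) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return Base64.getUrlEncoder().withoutPadding()
                .encodeToString(mac.doFinal(payload.getBytes(StandardCharsets.UTF_8)));
    }

    public static void main(String[] args) throws Exception {
        SessionPolicy p = new SessionPolicy("constructed-demo-key".getBytes(StandardCharsets.UTF_8));
        String c = p.issue("dave", 1000);               // constructed login at t=1000
        System.out.println(p.check(c, 1400, false));    // base activity, 400 s after login
        System.out.println(p.check(c, 1400, true));     // sensitive operation, same moment
        System.out.println(p.check(c, 3000, false));    // base activity after the login window
        System.out.println(p.check(c.replace("dave", "root"), 1200, false)); // edited cookie
    }
}
```

The timestamp inside the signed value is what the server trusts; a max age set on the cookie only tells the browser when to discard it.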
