Not that I'm aware of. The difficulty is that HTTP authentication is largely controlled by the client, not the server. There is no defined mechanism for the server to tell the client to forget its credentials for a given site. http://stackoverflow.com/questions/449788/http-authentication-logout-via-php has a pretty good discussion, and the issue is the same for server-side XQuery as for PHP.
IE seems to have a non-standard way to do this via HTML or JavaScript in some circumstances (http://www.adopenstatic.com/cs/blogs/ken/archive/2005/04/12/14.aspx). But there is no standard solution, and so this is one of several reasons why banking sites and most other security-conscious web applications no longer use HTTP authentication. -- Mike On 11 Feb 2011, at 12:03 , Tim Meagher wrote: > Is there a way to embed a button in a web-page that I can use to explicitly > disable a session using http authentication? > > Thx, > > Tim > > -----Original Message----- > From: [email protected] > [mailto:[email protected]] On Behalf Of Danny Sokolsky > Sent: Friday, February 11, 2011 2:21 PM > To: General MarkLogic Developer Discussion > Subject: Re: [MarkLogic Dev General] How to kill a session? > > As far as changing users in IW, I usually find that quitting IE allows me to > change the user in the prompt when I next log in. Sometimes Windows likes > to aggressively cache the user though. In those cases, killing IE and > explorer.exe usually solves the problem. Or, you can always reboot > windows..... > > -Danny > > -----Original Message----- > From: [email protected] > [mailto:[email protected]] On Behalf Of Tim Meagher > Sent: Friday, February 11, 2011 11:15 AM > To: 'General MarkLogic Developer Discussion' > Subject: Re: [MarkLogic Dev General] How to kill a session? > > http authentication > > Coming in on a vpn - not sure I can use the first approach. > > Why won't the or application-level authentication approaches work with http > authentication? > > Thanks, > > Tim > > -----Original Message----- > From: [email protected] > [mailto:[email protected]] On Behalf Of Michael > Blakeley > Sent: Friday, February 11, 2011 1:05 PM > To: General MarkLogic Developer Discussion > Subject: Re: [MarkLogic Dev General] How to kill a session? > > Is this http authentication or application-level authentication? > > With http authentication the easiest thing to do is to use different > hostnames. You could set this up in the test client, using the windows > equivalent of /etc/hosts to alias, say, user1 to 127.0.0.1, user2 to > 127.0.0.1, etc. The browser http authentication will see these as different > hosts. > > With application-level authentication the hostname trick should work, or you > could remove the session cookie (http://support.microsoft.com/kb/278835) or > cause it to expire more quickly by changing the session timeout for the > app-server, which defaults to 3600 seconds. > > -- Mike > > On 11 Feb 2011, at 09:34 , Tim Meagher wrote: > >> Hi Folks, >> >> I have an xquery-based web app that I need to test with different >> users, but IE does not prompt me for the login each time. I'm >> wondering if it is because the session did not expire. FireFox >> prompts me for the login each time which is cool, but I also need to >> test on IE. I'm not sure if this is just an IE thing, or if there is >> a > way to kill a session in MarkLogic. >> Suggestions? >> >> Thank you! >> >> Tim Meagher >> >> >> _______________________________________________ >> General mailing list >> [email protected] >> http://developer.marklogic.com/mailman/listinfo/general >> > > _______________________________________________ > General mailing list > [email protected] > http://developer.marklogic.com/mailman/listinfo/general > > _______________________________________________ > General mailing list > [email protected] > http://developer.marklogic.com/mailman/listinfo/general > _______________________________________________ > General mailing list > [email protected] > http://developer.marklogic.com/mailman/listinfo/general > > _______________________________________________ > General mailing list > [email protected] > http://developer.marklogic.com/mailman/listinfo/general > _______________________________________________ General mailing list [email protected] http://developer.marklogic.com/mailman/listinfo/general
