Gracefully timing-out a user session.

Wed, 22 Sep 1999 19:23:38 -0700 

-----------------------------
Please read the FAQ!
<http://java.apache.org/faq/>
-----------------------------

Hello

I've been off this list for over 6 months with my nose to the grind-
stone getting my system to work.  Congrats on all the terrific 
advances. Wow!

I'm trying to do something which is perhaps ill-advised, and not 
succeeding.  I'll be very grateful if some of you'll be willing to set me 
straight.

I have a multi-frame JavaScript / HTML client.  Some of the frames 
load data from different servlet zones to supply the raw data the 
main client frames require.  It is possible that the user will login at a 
low level of security and then log in with a higher level of priority to a 
different zone.

I'm trying to implement a "forget password" capability.  If the user 
hits the "forget password" button (or is inactive for 15 mins) he gets 
back an SC_UNAUTHORIZED response.

The trouble is that the SC_UNAUTHORIZED response doesn't 
seem to be related to any specific Apache "AuthName" .

If the user logs in to the browser's dialog box the hint is ...

  "Enter username for MyServer Admin Access at myserver.com"

 (the relevant "AuthName" directive is "MyServer Admin Access") 

However when my servlet returns the SC_UNAUTHORIZED 
response the browser's dialog box hint is ...

  "Enter username for unknown at myserver.com"


Is there any way to specify the AuthName when returning such a 
response?

Is there a recommended way to terminate a user's session from a 
browser?  ...  that reprompts with the same AuthName as before?

If the user has in fact logged in more than once at different security 
levels, how can I definitively wipe all his sessions in one go?

Sorry for such a long question.





  Hasan
  ~~~~~                 HASAN BRAMWELL

Address: Casilla 17-17-1004, Quito, Ecuador                   Tel : (593) (2) 372-748
Internet: [EMAIL PROTECTED]                                      or : (593) (9) 722-221


--
--------------------------------------------------------------
Please read the FAQ! <http://java.apache.org/faq/>
To subscribe:        [EMAIL PROTECTED]
To unsubscribe:      [EMAIL PROTECTED]
Archives and Other:  <http://java.apache.org/main/mail.html>
Problems?:           [EMAIL PROTECTED]

Reply via email to