RE: Gracefully timing-out a user session.

Mon, 27 Sep 1999 03:41:06 -0700 

-----------------------------
Please read the FAQ!
<http://java.apache.org/faq/>
-----------------------------

> > >Is there a recommended way to terminate a user's session from a
> > >browser?  ...  that reprompts with the same AuthName as before?

> I'd think it would be doable but you'd likely have to tune it for each
> browser (and do the research to get the browsers' behaviour)

Uh-oh.  That means "ferggedit" doesn't it?  

> - then the likely browser specific part and is so likely to be
> weird that the login screen below is a much more likely to succed
> option 

Did you attach a login sample?  I didn't see it.  (In fact I think this list 
strips them off. No?)

Does any one have a pointer to a good tutorial on this stuff?

I was all set to go from mod_auth to mod_auth_db for MySQL, but 
I'm beginning to think the whole method of using browser based 
security is too limited; but I don't know enough to decide, and 
ultimately I need digitial certificates.  What is the right way to go?.

If you'll pardon my thinking out loud a bit longer...

I have several HTML frames, each with different possible logins 
(one for getting non-restricted reference data, one for private data, 
and a further one for restricted updates).  It seemed like a good 
idea at the time, (and meets spec.), but now when I come to the 
issue of timing out sessions it becomes a nightmare. Larry Singer's 
code frag ...

> resp.setHeader("WWW-Authenticate", "Basic realm=\"AuthName\""); 
 
 ... gets me what I asked for; but it only gets me one step further into 
what seems like a horrible tangle.

Thanks for the help so far.  If I can get a good technique I'll post a 
FAQ answer -- I promise.


  Hasan
  ~~~~~                 HASAN BRAMWELL

Address: Casilla 17-17-1004, Quito, Ecuador                   Tel : (593) (2) 372-748
Internet: [EMAIL PROTECTED]                                      or : (593) (9) 722-221


--
--------------------------------------------------------------
Please read the FAQ! <http://java.apache.org/faq/>
To subscribe:        [EMAIL PROTECTED]
To unsubscribe:      [EMAIL PROTECTED]
Archives and Other:  <http://java.apache.org/main/mail.html>
Problems?:           [EMAIL PROTECTED]

Reply via email to