On Mon, 1 Nov 1999, Robin Berjon wrote:
> At 11:44 01/11/1999 -0800, Doug MacEachern wrote:
> >On Mon, 1 Nov 1999, Wyman Eric Miles wrote:
> >> The next question is, when the cookie expires 2 hours later, the initial
> >> SecurID user/password has long since expired. How do I cause the module
> >> to force the basic auth dialogs again?
> >>
> >> $r -> note_basic_auth_failure;
> >> return AUTH_REQUIRED;
> >>
> >> Doesn't seem to work.
> >
> >that's cause netscape, ie, etc, cache basic credentials. so even though a
> >401 code is sent to the client, they just reuse the existing
> >username/password in memory.
>
> I've never tried this but doesn't sending two 401s in a row for the same
> document have the auth popup appear again ?
yeah, except that clicking 'cancel' causes the browser to send the cached
credentials. at least, that was my experience last I tried.