On Fri, Mar 07, 2003 at 08:48:41PM +0100, Frank Maas wrote: > > And would this be possible with mod_perl2 ? > > What you could try (note the 'could', it's not tested) is return > a redirect to the same realm with a different id/password that is > not correct. If your site is www.mysite.com then redirect to > http://logged:[EMAIL PROTECTED]/ This might help as browsers can > interpret the popup this will trigger (as user logged with pass out > is not known) as an implicit logout).
I've tested this a while ago and the popular browsers cache their auth information and there is no general way to flush this, i.e. make it to "logout" or "forget" the auth information. The only alternative to have a cookie-based session is to keep the session id in the URL, either like amazon (PATH_INFO) or via a wildcard hostname. I would go for a cookie based solution. /magnus -- http://x42.com
