Good afternoon, On 11/5/04 at 8:14 PM +0100, Angie Ahl <[EMAIL PROTECTED]> wrote:
>I'm trying to find a way to allow users to log out of a realm based >site (ie using basic authentication). > [...] >I'd like to make a lougout button in the form of >username:[EMAIL PROTECTED] . I used to use a technique like that, but I found out (the hard way) that it depends too heavily on browsers doing what you expect, and many of them don't. I had problems including: - browser would not ask user for new credentials (after logging out), so it became impossible to login again (without quitting browser) - browser would quietly send 'old' credentials when needed later, so user was not really logged out, next user could hijack their login - confusing for users (mostly due to browsers not performing as expected) I suggest using one of the other script based login techniques. I like AuthTicket since it also works for requests on frontend (non modperl) server. Charlie -- Charlie Garrison <[EMAIL PROTECTED]> PO Box 141, Windsor, NSW 2756, Australia -- Report problems: http://perl.apache.org/bugs/ Mail list info: http://perl.apache.org/maillist/modperl.html List etiquette: http://perl.apache.org/maillist/email-etiquette.html