Good afternoon,

On 11/5/04 at 8:14 PM +0100, Angie Ahl <[EMAIL PROTECTED]> wrote:

>I'm trying to find a way to allow users to log out of a realm based 
>site (i.e. using basic authentication).
> [...]
>I'd like to make a logout button in the form of  
>username:[EMAIL PROTECTED] .

I used to use a technique like that, but I found out (the hard way) that it
depends too heavily on browsers doing what you expect, and many of them don't. 

I had problems including:

- browser would not ask user for new credentials (after logging out), so it 
  became impossible to log in again (without quitting browser)
- browser would quietly send 'old' credentials when needed later, so user was 
  not really logged out; next user could hijack their login
- confusing for users (mostly due to browsers not performing as expected)

I suggest using one of the other script-based login techniques. I like
AuthTicket since it also works for requests on frontend (non modperl) server.


Charlie

-- 
   Charlie Garrison  <[EMAIL PROTECTED]>
   PO Box 141, Windsor, NSW 2756, Australia

--
Report problems: http://perl.apache.org/bugs/
Mail list info: http://perl.apache.org/maillist/modperl.html
List etiquette: http://perl.apache.org/maillist/email-etiquette.html
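
An added example, not part of the original message and not code from AuthTicket: a signed login ticket whose validity is decided on the server, so logout does not depend on the browser forgetting cached Basic credentials. The function names, secret, lifetime and in-memory revocation hash are assumptions made for the illustration.

```perl
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex);

# Constructed values; load the real secret from protected configuration.
my ($SECRET, $TTL) = ('example-only-secret', 900);
my (%revoked, $counter);    # revoked ids; a real site shares this across processes

# A ticket is "user:id:expires:mac"; the server sends it as a cookie.
sub issue_ticket {
    my ($user, $now) = @_;
    die "bad username\n" unless $user =~ /\A[\w.\-]+\z/;
    my $body = join ':', $user, join('-', $now, $$, ++$counter), $now + $TTL;
    return $body . ':' . hmac_sha256_hex($body, $SECRET);
}

# Constant-time comparison, so the MAC check does not leak through timing.
sub ct_eq {
    my ($x, $y) = @_;
    return 0 unless length($x) == length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1)) for 0 .. length($x) - 1;
    return $diff == 0;
}

# Returns the username for a valid, unexpired, unrevoked ticket, else undef.
sub check_ticket {
    my ($ticket, $now) = @_;
    my @f = split /:/, ($ticket // ''), -1;
    return unless @f == 4 && $f[2] =~ /\A\d+\z/;
    my ($user, $id, $exp, $mac) = @f;
    return unless ct_eq($mac, hmac_sha256_hex(join(':', $user, $id, $exp), $SECRET));
    return if $now >= $exp || exists $revoked{$id};
    return $user;
}

# Logout is enforced on the server: once the id is revoked, a browser that
# keeps sending the old cookie is refused. Also expire the cookie itself.
sub logout {
    my ($ticket, $now) = @_;
    return 0 unless defined check_ticket($ticket, $now);
    $revoked{ (split /:/, $ticket)[1] } = 1;
    return 1;
}

my $ticket = issue_ticket('alice', 1_000_000);    # constructed user and clock value
printf "after login:  %s\n", check_ticket($ticket, 1_000_010) // 'rejected';
logout($ticket, 1_000_020);
printf "after logout: %s\n", check_ticket($ticket, 1_000_030) // 'rejected';
```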
