But if you require a SSL connection for certain directories, then
require .htaccess authentication for said directories, sending an
'Unauthorized' header would force them to 'login' again. The 'logoff'
button I was referring to would just be a form that posts to a script
that sends the 'Unauthorized' header.
Like I said, not the most secure way, but probably the easiest.
On 8 Apr 00, at 7:02, Jeffrey Burgoyne wrote:
> The username/password feature is a generic http protocol command and not
> exclusively part of the secure side. As well. there is only a single part
> of the protol - username required.
>
> That said, you musr realize that you log into the server and out with
> every connection. The browser caches the user id and password and makes it
> seemless to you. Therefore the logout button would have to be part of
> browser functionality and it is not. You can do it by
> messing around with theprotocol message back to the client, but it just
> forces them to log in again, so a very good logout IMO.
>
> Jeff
>
>
>
> On Fri, 7 Apr 2000, Doug Poulin wrote:
>
> > We are running a brand new server using Red Hat Linux 6.1 and Apache with
> > SSL. Everything is up and appears to be working correctly. The problem I
> > can't seem to find an answer to is, how do I log a user off?
> >
> > When our secure application starts up you go through an authentication
> > process and the application starts up in a new (browser) window. When you
> > close the application window you go back to the original window. If you
> > click on the application start button you get logged right in. No more
> > authentication (userid/password) form. How do we get it so that they have
> > to re-log in everytime a user connects to our server?
> >
> > I have searched the archives and everywhere else I can think of but can't
> > find any info. It has to be something simple but what is it?
> >
> > Doug Poulin
> > ______________________________________________________
> > Get Your Private, Free Email at http://www.hotmail.com
> >
> > ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> > User Support Mailing List [EMAIL PROTECTED]
> > Automated List Manager [EMAIL PROTECTED]
> >
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> User Support Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
