I have been grappling with this problem for several days now, and I cannot
seem to resolve it.
The problem is a lot more complicated than it seems. The problem with
cookies (or whatever method you choose) you run into the problem that when
they first log on to the site you will not get a cookie and you will force
them to authenticate a second time which for an end user would be very
annoying. There doesn't seem to be any way to detect the difference between
a valid log in and a browser faking a real log in on your behalf. I have
tried cookies, redirects, temporary files and am quickly running out of
ideas. The ideal way would be someway to tell the browser to forget who he
is when the user logs off (through a cgi script or javascript). If anyone
has any brilliant ideas let me know.
Doug Poulin
----- Original Message -----
From: Costantino Imbrauglio <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Monday, May 08, 2000 4:33 AM
Subject: Re: Password access to a site
> You might consider using cookies with a very short expiration time. In
such
> case your html pages should contain a small piece of code (you might use
> both php or perl or whatever you like) that would check the presence of
the
> cookie into the user request. If no cookie is present then authentication
is
> required. It's fairly easy and it works.
>
> ----- Original Message -----
> From: "Veronique Kraft" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Monday, May 08, 2000 8:11 AM
> Subject: Password access to a site
>
>
> > Hi all,
> >
> > How can I require users to re-enter their passwords when they re-visit
my
> > site with the same browser window?
> > ie. The first time they visit, they enter a password, then they visit
> > another site, then decide they want to go back to my site so they use
the
> > back button on their broswer.
> > I currently have .htaccess working, but when I test it by leaving my
site
> > then comming back to it, I'm not prompted for a password.
> >
> >
> > Veronique Kraft
> > ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> > User Support Mailing List [EMAIL PROTECTED]
> > Automated List Manager [EMAIL PROTECTED]
> >
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> User Support Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
>
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
