Erik, Le mardi 25 janvier 2005 � 13:51 +0100, Erik Bruchez a �crit : > I don't think BASIC authentication involves the session at all. This > would mean that invalidating the session would have no effect on it.
Some more googling, confirm that you are right and this is a (common) mistake to believe that one can logout from HTTP basic authentication. For instance: The mistake is to view HTTP basic authentication as being a login process and as a consequence conclude there should be a complementary logout process. The authentication model for HTTP allows the server to demand some credentials from a user and have those credentials attached to subdsequent accesses to the server. If the user hasn't changed why does he need to log out? (http://www.modpython.org/pipermail/mod_python/2001-August/012120.html) > It looks like sending a 401 status ("Unauthorized") will cause most > browsers to clear their authentication cache, effectively asking the > user for a new challenge again. You could try that. At the very best, I think that I would reinvent FORM authentication and I will probably have to choose either to stay with BASIC and have no logout or to move to FORM based authentication. Thanks, Eric -- Carnet web : http://eric.van-der-vlist.com/blog?t=category&a=Fran%C3%A7ais ------------------------------------------------------------------------ Eric van der Vlist http://xmlfr.org http://dyomedea.com (ISO) RELAX NG ISBN:0-596-00421-4 http://oreilly.com/catalog/relax (W3C) XML Schema ISBN:0-596-00252-1 http://oreilly.com/catalog/xmlschema ------------------------------------------------------------------------ ------------------------------------------------------- This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting Tool for open source databases. Create drag-&-drop reports. Save time by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc. Download a FREE copy at http://www.intelliview.com/go/osdn_nl _______________________________________________ orbeon-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/orbeon-user
