stopping concurrent logins

2003-04-04 Thread Todd White
i'm sure this is not a novel need, but i have failed to find or come up
with any (non-cookie) solution yet.  i'm trying dearly to avoid
cookies, but if that's the best or only way to do this, feel free to speak
up.  i'd love to hear from someone who has already tackled the problem of
stopping concurrent web logins to a protected web space.

realizing that ultimately people can share their username/password to a
for-fee protected web site, we would at *least* like to avoid the
possibility that two people could both be logged in at the same time from
two different computers.  the use of IP address doesn't seem adequate
since many users come through a router/proxy running NAT.

any pointers?



Re: AuthDBI logoff

2003-03-31 Thread Todd White
if there was a means by which i could strip out the Authorization header
in the client request, this would force a 401 response from the server
which would also satisfy my specific need.

is there a means by which i can manipulate an incoming request header from
the client?



On Sat, 29 Mar 2003, Thomas Klausner wrote:

> Hi!
> 
> On Fri, Mar 28, 2003 at 02:27:29PM -0500, Todd White wrote:
> > i'm seeking a means by which i can allow my web users to "logoff" after
> > authenticating for access to restricted web space.  i realize that users
> > can just close their browser, but i'm seeking a solution that allows the
> > browser to remain open.  essentially, i want a button that a user can
> > click that causes the web browser to drop the credentials for the realm.
> 
> AFAIK, something like "logoff" is impossible with BASIC Auth (which AuthDBI
> uses).
> 
> Take a look at Apache::AuthCookie, which implements its own Authentication
> scheme and allows "logoff".
> 
> Or take a look at Recipe 13.7 in the mod_perl Developer's Cookbook.
> 
> -- 
> #!/usr/bin/perl   http://domm.zsi.at
> for(ref bless{},just'another'perl'hacker){s-:+-$"-g&&print$_.$/}
> 



AuthDBI logoff

2003-03-28 Thread Todd White
i'm seeking a means by which i can allow my web users to "logoff" after
authenticating for access to restricted web space.  i realize that users
can just close their browser, but i'm seeking a solution that allows the
browser to remain open.  essentially, i want a button that a user can
click that causes the web browser to drop the credentials for the realm.

i'm considering writing an Apache handler and returning an
Apache::Constants constant.  but i'm wondering if anyone would have other
suggestions.

btw, Apache 1.3 / mod_perl 1
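
Both requests in this thread (no two simultaneous logins, and a "logoff" that works while the browser stays open) need per-user session state held on the server, which Basic auth on its own does not keep. The following is an added example, not code from the thread or from Apache::AuthDBI or Apache::AuthCookie: a Python model of that state rather than a mod_perl handler. The class and method names, the newest-login-wins policy and the 900-second idle timeout are assumptions, and the token is assumed to travel with each request in a cookie or similar ticket.

```python
import hashlib
import hmac
import secrets
import time

class SessionRegistry:
    """At most one live session per user; tokens are stored only as SHA-256 digests."""
    def __init__(self, idle_timeout=900):
        self.idle_timeout = idle_timeout  # seconds (assumed value)
        self._active = {}  # username -> (token digest, last-seen time)

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode()).digest()

    def login(self, user, now=None):
        """Call only after the password check passed; replaces any older session."""
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        self._active[user] = (self._digest(token), now)
        return token

    def check(self, user, token, now=None):
        """True only for the user's current, non-idle token; refreshes last-seen."""
        now = time.time() if now is None else now
        digest, last_seen = self._active.get(user, (None, 0))
        if digest is None:
            return False
        if now - last_seen > self.idle_timeout:
            del self._active[user]  # abandoned session expires server-side
            return False
        if not hmac.compare_digest(digest, self._digest(token)):
            return False  # superseded or forged token
        self._active[user] = (digest, now)
        return True

    def logoff(self, user, token, now=None):
        """Drop the session, but only for the holder of the current token."""
        if not self.check(user, token, now):
            return False
        del self._active[user]
        return True

def demo():
    reg = SessionRegistry()
    a = reg.login("alice", now=0)   # computer A (constructed scenario)
    b = reg.login("alice", now=10)  # computer B, same shared password
    return [reg.check("alice", a, now=20), reg.check("alice", b, now=20),
            reg.logoff("alice", b, now=30), reg.check("alice", b, now=40)]
```

Because the session is keyed to a server-issued token rather than the client IP address, two users behind the same NAT router are still told apart.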