On Wed, February 1, 2006 7:16 am, Olaf Greve wrote:
> Alright: here's a bit of a "challenge" (so as to avoid the word
> "issue")
> ;) my colleagues have run into previously: how to kill HTTP
> authentication...
Simply change the "Realm" out from under the user, so that their
credentials for the ol
Hi Jochem (and others),
save the 'authenticated' state in the session;
only send out the http auth headers when:
1. the user is not authenticated
2. the page is should be protected
logging out would then clear the 'authenticated'
state from the SESSION
now I probably didn't explain that very
Olaf Greve wrote:
Hi all,
Alright: here's a bit of a "challenge" (so as to avoid the word "issue")
;) my colleagues have run into previously: how to kill HTTP
authentication...
I remember that they never did figure that one out, and I too will now
have to get my hands dirty with trying to f
Olaf,
How about generating a hash-enhanced (TM) realm name, such as:
Basic Realm Session
Then store that timestamp-based hash in the session. When you want to
user to bugger off, change the realm name. This is just a theory, and
I've not tested it at all.
David
Olaf Greve wrote:
> Hi all,
Hi all,
Alright: here's a bit of a "challenge" (so as to avoid the word "issue")
;) my colleagues have run into previously: how to kill HTTP
authentication...
I remember that they never did figure that one out, and I too will now
have to get my hands dirty with trying to find a proper way to
5 matches
Mail list logo
