Heiko Sommerfeldt wrote:
> Hi,
>
> I am using THttpServer with digest authentication and it works well.
> What I need is a logout, so the user (browser) needs a new login.
It's IMO not possible to force the browser to display a login dialog.
Currently the HTTP server uses a hardcoded nonce-life
>> Hi,
>>
>> I am using THttpServer with digest authentication and it works well.
>> What I need is a logout, so the user (browser) needs a new login.
>>
>
> It's IMO not possible to force the browser to display a login dialog.
> Currently the HTTP server uses a hardcoded nonce-lifetime of
Heiko Sommerfeldt wrote:
> The main problem is the following: If the user (of the browser) puts
> in a wrong password the connection is refused. Now the user opens
> (refresh) the page again and the browser sends the rejected digest
> information again automatically so the login fails again.
> Is
Scrive DZ-Jay :
> May you all have a happy and prosperous new year!
Thank you very much!
I wishes you all all the best, in particular for the health.
Bye, Maurizio.
This mail has been sent using Alpikom webmail system
http://www.alpikom.it
Scrive Heiko Sommerfeldt :
[...]
> The main problem is the following: If the user (of the browser) puts in
> a wrong password the connection is refused. Now the user opens (refresh)
> the page again and the browser sends the rejected digest information
> again automatically so the login fails aga
>> The main problem is the following: If the user (of the browser) puts
>> in a wrong password the connection is refused. Now the user opens
>> (refresh) the page again and the browser sends the rejected digest
>> information again automatically so the login fails again.
>> Is there really no solu
Hello,
I join you guys on your good wishes for 2009. And I wish goodness to the
people of Gazza for their extreme pains...
Best Regards,
SZ
On Thu, Jan 1, 2009 at 2:11 PM, Maurizio Lotauro
wrote:
> Scrive DZ-Jay :
>
> > May you all have a happy and prosperous new year!
>
> Thank you very much!
Do you have any proxy configures for your browser?
Regards,
SZ
On Thu, Jan 1, 2009 at 2:23 PM, Heiko Sommerfeldt wrote:
>
> >> The main problem is the following: If the user (of the browser) puts
> >> in a wrong password the connection is refused. Now the user opens
> >> (refresh) the page aga
Maurizio Lotauro wrote:
> Scrive Heiko Sommerfeldt :
>
> [...]
>
>> The main problem is the following: If the user (of the browser) puts
>> in a wrong password the connection is refused. Now the user opens
>> (refresh) the page again and the browser sends the rejected digest
>> information again
>
> Do you have any proxy configures for your browser?
>
No.
--
To unsubscribe or change your settings for TWSocket mailing list
please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket
Visit our website at http://www.overbyte.be
> Yes, it is automatically sent by the component.
> However, after a little test with Firefox, and passing an invalid password,
> I see an infinite loop. Firefox infinitely retries to login with the
> wrong password. This repeats with the webserver demo easily.
>
The same happens here with IE8
Heiko Sommerfeldt wrote:
> The same happens here with IE8beta too.
> Therefore I answer with 403 after such failed login.
It's a bug in THttpServer :(
[..]
RFC 2617 HTTP Authentication June 1999
stale
A flag, indicating that the previous request from th
The previous fix was not yet OK since it never forced a new nonce.
The change below should be safer since a new nonce is forced after
its lifetime expired. I hope I understood the "stale" parameter
correctly now.
in (OverbyteIcs)HttpSrv.pas,
function THttpConnection.AuthDigestGetParams: Boolean;
Hi,
that solves my problems! There is no loop when wrong login parameters
are used.
Thanks a lot!
Can this mechanism be used to enforce a logout? My web site should have
a "logout/new login" link. When this link is activated, the browser
should ask for new login credentials.
Heiko
> The previous
14 matches
Mail list logo