> Date: Wed, 9 Jun 1999 00:14:52 +0100
> From: Nic Ferrier <[EMAIL PROTECTED]>
> Subject: Re: Http Basic Re-Authentication
> >but what if they just
> >cancel and re-request the page?
> >Doesn't the browser just send the authentication information again?
>
> Yeah, it might (depends on implementation - spec says it shouldn't
> but hey!) but the server can still respond with UNAUTHORIZED.
>
> >The question is does sending UNAUTHORIZED really cause the browser
> >to remove the credentials?
>
> Maybe, maybe not. Why is this important?
>
> Your "session" management should be clever enough to know when
> something is valid and when not.
>
> If you're going to do it properly you should use realms that expire.

My point is that when one logs out, the next thing to happen will be that they log in.
The state of that session and user cannot remain unauthorized forever. How can one tell
the difference between someone who has logged out and re-logged in versus someone who
just cancelled and re-requested?

From your description it sounds like it probably won't work because the browser will
not give up the credential.

I may try the sessioned Realm business. Heck, one might even be able to put valid
information in the realm. Hmmm....

One side effect is that the old realm credentials are still valid and will likely be
included in the request as well. Or maybe the data is just in the browser taking up
memory ;-)

This has potential.

...Duane
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
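
The expiring-realm idea discussed in this thread, modelled from the server's side as an added example (not code from either poster; `RealmSession`, `USERS` and the `app-` realm names are hypothetical, and the account is constructed). It shows the problem raised in the reply: a Basic `Authorization` header carries only user and password, never the realm, so after the new-realm challenge has gone out a retyped login and a replayed cached credential are the same bytes.

```python
import base64
import hmac
import secrets

USERS = {"duane": "s3cret"}  # constructed sample account


def parse_basic(header):
    """Decode 'Basic <base64(user:pass)>'; the header carries no realm."""
    if not header or header[:6].lower() != "basic ":
        return None
    try:
        text = base64.b64decode(header[6:], validate=True).decode("utf-8")
    except ValueError:  # bad base64 or bad UTF-8
        return None
    user, sep, password = text.partition(":")
    return (user, password) if sep else None


class RealmSession:
    """Hypothetical per-client state: one realm, replaced at logout."""

    def __init__(self):
        self.logout()

    def logout(self):
        self.realm = "app-" + secrets.token_hex(4)  # old realm expires
        self.challenged = False  # no 401 naming the new realm sent yet

    def handle(self, authorization=None):
        """Return (status, headers) for one request."""
        creds = parse_basic(authorization)
        expected = USERS.get(creds[0]) if creds else None
        valid = expected is not None and hmac.compare_digest(
            expected.encode(), creds[1].encode())
        # Credentials count only after a challenge for the current realm.
        if valid and self.challenged:
            return 200, {}
        self.challenged = True
        return 401, {"WWW-Authenticate": 'Basic realm="%s"' % self.realm}


def basic_header(user, password):
    """Build the header a browser would send for these credentials."""
    token = base64.b64encode(("%s:%s" % (user, password)).encode()).decode()
    return "Basic " + token
```

The first request after `logout()` is always answered with 401 and the new realm, even when it carries valid credentials; whether a browser then prompts or resends what it cached depends on the implementation, as the thread notes.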