I am trying to implement an authentication/timeout system whereby the initial login is done by a standard HTML form (posted). When the session times out and the user requests a service, the session is "revived" by custom HTTP Authentication. In this way, a complex set of frames and multiple windows is not disrupted by a new window. The problem is that one a user HTTP Authenticates, the AUTHORIZATION header value stays until the browser is closed. Consequently, the user never has to authenticate again, even when the session times out, because when the servlet requests authorization, it is right there in the servlet request. So my question is, how do I clear or remove the AUTHORIZATION header item from the client ? Thanks. //Nicholas ===== -- Nicholas Whitehead AuctionLogic [EMAIL PROTECTED] (973) 331 9050 __________________________________________________ Do You Yahoo!? Talk to your friends online with Yahoo! Messenger. http://im.yahoo.com ___________________________________________________________________________ To unsubscribe, send email to [EMAIL PROTECTED] and include in the body of the message "signoff SERVLET-INTEREST". Archives: http://archives.java.sun.com/archives/servlet-interest.html Resources: http://java.sun.com/products/servlet/external-resources.html LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
