|
hmm.. not that..
when logout link is clicked the session is invalidated.
that is ok.. but if he opens the same url again the page will be displayed as
the browser sends the Authorisation headers.
but until we close and open the browser it is not
prompting for password again.
and i am not sure that u understand the basic
authentication
and if u understand that.. tell me how to do an logout
after doing login in BASIC or DIGEST Auth ?
any links will be helpful..
reg
Arun.N
----- Original Message -----
Sent: Tuesday, March 19, 2002 11:46
PM
Subject: Re: [SERVLET-INTEREST] BASIC
authentication logout problem, session invalidation
I'm
not sure I understand your problem. Are you saying that the user session
persists after the user logs off and you want to invalidate the session at
that point?
Mark
Hi All,
Is there any solution for doing a
proper logout after the user is logged in with a BASIC auth
information.
session invalidation is useless because the access to the
resources is allowed as the browser keeps sending the "Authorisatoin" header
until it is closed and opened.
I need in a way such that after
logout, if came back to the same page .... BASIC auth window should pop up
againg prompting for username and password.
right now i have done
using a session variable to check if the user has logged out and prompting
him to close and restart the
browser.
Thankx,
regards,
Arun.N
|
