You can't invalidate so you don't invalidate because that's how basic authentication works. You have to write your own login mechanism (form based) to log users out. I think that you may be able to control this if you write lower level code (NSAPI lib or an Apache module?) I don't know, I'm shooting in the dark here. Also consider that the basic authentication is done on EVERY request. This slows down the access. Apache docs recommend not using basic auth for more than few hundred entries in htpasswd file.
d. Nilsson, Mattias wrote: > Well, how do I invalidate a user how is logged in form my code (e.g. > JSP/Servlet)? > > /Mattias > > -----Original Message----- > From: David Mossakowski [mailto:[EMAIL PROTECTED]] > Sent: den 29 april 2002 19:50 > To: [EMAIL PROTECTED] > Subject: Re: HTTP BASIC Authentication (invalidation?) > > > Had you searched the archives you would have known already. > > But to answer yet another time the same question: when the browser is > closed. > > d. > > Nilsson, Mattias wrote: > > >>How is a user invalidated (logged out) once authenticated using HTTP BASIC >>authentication? >>I used the Form based authentication before and then session.invalidate() >>logged out the user. But that doesn't seem to work with the BASIC >>authentication. Does anybody know how this is solved? >> >>(BTW: I use Orion as a web container...) >> >>/Mattias >> >> >> > ___________________________________________________________________________ > >>To unsubscribe, send email to [EMAIL PROTECTED] and include in the >> > body > >>of the message "signoff SERVLET-INTEREST". >> >>Archives: http://archives.java.sun.com/archives/servlet-interest.html >>Resources: http://java.sun.com/products/servlet/external-resources.html >>LISTSERV Help: http://www.lsoft.com/manuals/user/user.html >> >> >> >> >> > > > -- > David Mossakowski [EMAIL PROTECTED] > Instinet Corporation 212.310.7275 > > > > **************************************************************************** > *** > <<Disclaimer>> > > This message is intended only for the use of the Addressee and > may contain information that is PRIVILEGED and/or > CONFIDENTIAL or both. > > This email is intended only for the personal and confidential use > of the recipient(s) named above. > > If the reader of this email is not an intended recipient, you have > received this email in error and any review, dissemination, > distribution or copying is strictly prohibited. > > If you have received this email in error, please notify the sender > immediately by return mail and permanently deleting the copy > you received. > > Thank you. > > **************************************************************************** > *** > > ___________________________________________________________________________ > To unsubscribe, send email to [EMAIL PROTECTED] and include in the body > of the message "signoff SERVLET-INTEREST". > > Archives: http://archives.java.sun.com/archives/servlet-interest.html > Resources: http://java.sun.com/products/servlet/external-resources.html > LISTSERV Help: http://www.lsoft.com/manuals/user/user.html > > ___________________________________________________________________________ > To unsubscribe, send email to [EMAIL PROTECTED] and include in the body > of the message "signoff SERVLET-INTEREST". > > Archives: http://archives.java.sun.com/archives/servlet-interest.html > Resources: http://java.sun.com/products/servlet/external-resources.html > LISTSERV Help: http://www.lsoft.com/manuals/user/user.html > > > > -- David Mossakowski [EMAIL PROTECTED] Instinet Corporation 212.310.7275 ___________________________________________________________________________ To unsubscribe, send email to [EMAIL PROTECTED] and include in the body of the message "signoff SERVLET-INTEREST". Archives: http://archives.java.sun.com/archives/servlet-interest.html Resources: http://java.sun.com/products/servlet/external-resources.html LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
