Hi there. Someone was asking about how to 'close' the browser windows so that they could time-out a session since otherwise the browser typically keeps resending the username/password for the realm, and they didn't like that.
I am not sure if someone else gave an answer to this nor 100% of the context (ie what the server set-up was) ... so I apologize if this isn't as helpful. I think I thought of a way to make this work (untested at this point, but for some reason it popped into my head while I was trying to write a completely different document :) ... Instead of closing the browser window, think of a completely different approach .... essentially encode, as part of the URL, the session time-out/id information, then when the session times-out the URL becomes invalid so when they go to try to use it you can actually redirect them to the newly generated location and respond with a 401 to get the username and password again. Pretty simple actually and will work regardless of the use of Basic Browser based authentication. If someone already posted this, I apologize... ---------------------------------------- Joseph Molnar http://www.codesta.com/ -- To unsubscribe: <mailto:[EMAIL PROTECTED]> For additional commands: <mailto:[EMAIL PROTECTED]> Troubles with the list: <mailto:[EMAIL PROTECTED]>