>> Hi,
>>
>> I am using THttpServer with digest authentication and it works well.
>> What I need is a logout, so the user (browser) needs a new login. 
>>     
>
> It's IMO not possible to force the browser to display a login dialog. 
> Currently the HTTP server uses a hardcoded nonce-lifetime of one minute.
> But even if it would use a one-time nonce (which added some overhead)
> the browser may cache and resend user credentials next time he receives 
> a 401 response from the server.

OK, I understand.
Is there a header field that I can add to prevent the browser to reuse
the old credentials?

The main problem is the following: If the user (of the browser) puts in
a wrong password the connection is refused. Now the user opens (refresh)
the page again and the browser sends the rejected digest information
again automatically so the login fails again.
Is there really no solution for this?

I tried to change the AuthRealm, but the browser shows no login dialog
again.

Heiko
-- 
To unsubscribe or change your settings for TWSocket mailing list
please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket
Visit our website at http://www.overbyte.be

Reply via email to