httpd-users mailing list archives

From Jack Nerad <>
Subject Re: how to push in Apache
Date Mon, 29 Jul 2002 15:28:11 GMT
Boyle Owen wrote:
> What do you mean by "logout"? If you are talking about the Basic Authentication process which is part of the HTTP protocol then it is impossible. To explain - when a user arrives at a password-protected URL, the server sends a 401 Authorization Required response. The browser prompts the user for a password and then re-issues the request with an authorization header appended. The browser caches the password and sends it with every request to that directory.
> So really, Apache doesn't know who is logged in or out - all it knows is that the request contains an authorization header or not.
> If you want to emulate the login-shell thingy you get with e-banking then you have to handle the whole thing yourself in CGI.
> Rgds,
> Owen Boyle
> -----Original Message-----
> From: yong jiang []
> Sent: Montag, 29. Juli 2002 16:41
> To:
> Subject: how to push in Apache
> Hi,
> I'm writing a program that will automatically log out a user. Basically:
> 1.) a user uses a browser to get authenticated by a web server
> 2.) there is another background process at the server side which does some kind of checking (such as the user's credit is running out). If some conditions are satisfied, it will log out this user. In that case, a notification message needs to be sent to the user.
> My question is, how can this background process tell the Apache server to send this
> /Yong

You could probably have the server-side program manipulate the "users" 
file to remove the user from the list of valid-users, or if you are 
using one of the db auths, you might remove them from the authentication 
table to a "logged out" table.  (I'm speaking only in theory, here... 
you'll have to test).

That would mean on the user's next protected page request to the server, 
he/she would no longer be in the list of known users and would have to 
reauthenticate.  (Which would now be impossible, because the user is not 
in the list of users).  The user will receive an authentication failed 
message at the http level, which you could customize.  This may not be 
what you are after.  You may have to do as Owen suggests and completely 
script the solution.

I don't think this is really 'push' though, is it?
Jack Nerad
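
An added example, not part of the thread or of Apache's code: a small Python model of the two points above, that each Basic-auth request is checked on its own against the user file, and that removing the entry makes the browser's cached header fail on the next request. The function names and the sample users and passwords are constructed; the `{SHA}` entry format (as written by `htpasswd -s`) is used only because the standard library can compute it, and bcrypt (`htpasswd -B`) is the better choice for a real file.

```python
import base64, hashlib, hmac, os, shutil, tempfile

def sha_entry(password):
    # "{SHA}" + base64(SHA-1(password)), the format `htpasswd -s` writes
    return "{SHA}" + base64.b64encode(hashlib.sha1(password.encode()).digest()).decode()

def load_users(path):
    users = {}
    with open(path, encoding="utf-8") as fh:
        for line in fh:
            name, sep, hashed = line.strip().partition(":")
            if sep and not name.startswith("#"):
                users[name] = hashed
    return users

def check_request(path, authorization):
    """Status a Basic-auth check gives one request: 200 or 401. No session state."""
    if not authorization or not authorization.startswith("Basic "):
        return 401
    try:
        raw = base64.b64decode(authorization[6:], validate=True).decode()
    except ValueError:  # bad base64 or bad UTF-8
        return 401
    user, _, password = raw.partition(":")
    stored = load_users(path).get(user)  # user file is consulted on every request
    return 200 if stored and hmac.compare_digest(stored, sha_entry(password)) else 401

def revoke_user(path, user):
    """Rewrite the user file without `user`; True if an entry was removed."""
    users = load_users(path)
    if users.pop(user, None) is None:
        return False
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        fh.writelines(f"{n}:{h}\n" for n, h in users.items())
    shutil.copymode(path, tmp)  # keep the permissions the server relies on
    os.replace(tmp, path)       # atomic swap: readers never see a partial file
    return True

def demo():
    """Constructed sample: alice's cached header before and after revocation."""
    path = os.path.join(tempfile.mkdtemp(), "users")
    with open(path, "w", encoding="utf-8") as fh:
        fh.write(f"alice:{sha_entry('s3cret')}\nbob:{sha_entry('hunter2')}\n")
    cached = "Basic " + base64.b64encode(b"alice:s3cret").decode()
    before = check_request(path, cached)
    revoke_user(path, "alice")
    return before, check_request(path, cached)

if __name__ == "__main__":
    print(demo())
```

The revoked user is only turned away on the next request that reaches the server; nothing here notifies the browser, which is why this is not "push".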
