httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "French, Shawn" <S.Fre...@AcceLight.com>
Subject RE: how to push in Apache
Date Mon, 29 Jul 2002 15:31:44 GMT
I don't think your solution needs to involve a server push.
 
One solution:
Once logged out, configure the firewall to route all of the user's traffic
to an error/status page on your server explaining why they were logged out,
and why they have to log in again.
 
Shawn
 
 

-----Original Message-----
From: yong jiang [mailto:yong.b.jiang@telia.se]
Sent: July 29, 2002 11:28 AM
To: users@httpd.apache.org
Subject: Re: how to push in Apache


Owen,
 
thank you for your reply.
 
I probably didn't explain my question clearly. I'm trying to develop an
access controller. This access controller has a web server. A user accesses
a cgi program in the web server which asks for information such as user name
and password. If the information is correct, the cgi program can config
firewalls to let that user's traffic pass over.
 
Now I want to add an idle timeout function. If the user is not sending or
receiving any traffic for some time, the access controller will remove the
firewall and inform the user that he has been logged out. In realization I
have another daemon that monitor the traffic counters in the firewall rules,
and if the counters are not increasing, it will remove the rules, and then,
the question is, how can i display a status page to the user.
 
/Yong

----- Original Message ----- 
From: Boyle Owen <mailto:Owen.Boyle@swx.com>  
To: users@httpd.apache.org <mailto:users@httpd.apache.org>  
Sent: Monday, July 29, 2002 4:58 PM
Subject: RE: how to push in Apache

What do you mean by "logout"? If you are talking about the Basic
Authentication process which is part of the HTTP protocol then it is
impossible. To explain - when a user arrives at password protected URL, the
server sends a 401 Authorization Required response. The browser prompts the
user for a password and then re-issues the request with an authorization
header appended. The browser caches the password and sends it with every
request to that directory.
 
So really, apache doesn't know who is logged in or out - all it knows is
that the request contains an authorization header or not. 
 
If you want to emulate the login-shell thingy you get with e-banking then
you have to handle the whole thing yourself in CGI.
 
Rgds,
 
Owen Boyle

-----Original Message-----
From: yong jiang [mailto:yong.b.jiang@telia.se]
Sent: Montag, 29. Juli 2002 16:41
To: users@httpd.apache.org
Subject: how to push in Apache


Hi,
 
I'm writing a program that will automatically log out a user. basically
1.) a user uses a browser to get authenticated by a web server
2.) there is another background process at the server side which does some
kind of checking (such as the user's credit is running out). If some
conditions satisfy, it will logout this user. In that case, a notification
message needs to send to the user.
 
My question is, how can this background process tells the Apache server to
send this message.
 
/Yong
 


Mime
View raw message