httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Robert Andersson" <rob...@profundis.nu>
Subject Re: [users@httpd] LogOut
Date Tue, 31 Aug 2004 10:14:14 GMT
Martinez Gonzalez, Francisco wrot:
> I have a web aplication with HTTP basic authentification (headers). If I
> want to login with another user, I have to close the browser and open
> again.
>
> Is there anyway to make a logout without close/open the browser?

Nope, because you haven't really logged on in the first place. Login/logout
is terms used with sessions; HTTP and its Basic Authentication are
stateless. What happens when you "login" is that you teach the browser your
credentials so it can send them with each future request without querying
you.

In order to use other credentials in the same realm, you must make the
browser forget the current ones. This is, of course, browser dependent. One
complicated way that will often work is to temporary remove the user from
the password file (or change the password) then have the browser make a
request, which will fail. That will usually cause it to prompt the user
again. A similar technique would be to change the realm name.

However, even if it is possible to mimic sessions with Basic Auth, it is not
what it was designed to do, so it will be dirty anyway you do it.

Regards,
Robert Andersson


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message