httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Martinez Gonzalez, Francisco" <fmartin...@endesa.es>
Subject RE: [users@httpd] LogOut
Date Tue, 31 Aug 2004 14:08:14 GMT

:(


Thanks to all



-----Mensaje original-----
De: Robert Andersson [mailto:robert@profundis.nu]
Enviado el: martes, 31 de agosto de 2004 12:14
Para: users@httpd.apache.org
Asunto: Re: [users@httpd] LogOut


Martinez Gonzalez, Francisco wrot:
> I have a web aplication with HTTP basic authentification (headers). If I
> want to login with another user, I have to close the browser and open
> again.
>
> Is there anyway to make a logout without close/open the browser?

Nope, because you haven't really logged on in the first place. Login/logout
is terms used with sessions; HTTP and its Basic Authentication are
stateless. What happens when you "login" is that you teach the browser your
credentials so it can send them with each future request without querying
you.

In order to use other credentials in the same realm, you must make the
browser forget the current ones. This is, of course, browser dependent. One
complicated way that will often work is to temporary remove the user from
the password file (or change the password) then have the browser make a
request, which will fail. That will usually cause it to prompt the user
again. A similar technique would be to change the realm name.

However, even if it is possible to mimic sessions with Basic Auth, it is not
what it was designed to do, so it will be dirty anyway you do it.

Regards,
Robert Andersson


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Este mensaje de correo electrónico y sus documentos adjuntos están dirigidos
EXCLUSIVAMENTE a los destinatarios especificados. La información contenida
puede ser CONFIDENCIAL y/o estar LEGALMENTE PROTEGIDA y no necesariamente
refleja la opinión de ENDESA. Si usted recibe este mensaje por ERROR, por
favor comuníqueselo inmediatamente al remitente y  ELIMÍNELO ya que usted
NO ESTA AUTORIZADO al uso, revelación, distribución, impresión o copia de
toda o alguna parte de la información contenida. Gracias. 

This e-mail message and any attached files are intended SOLELY for the
addressee/s identified herein. It may contain CONFIDENTIAL and/or LEGALLY
PRIVILEGED  information and may not necessarily represent the opinion of
ENDESA. If you receive this message in ERROR, please immediately notify the
sender and DELETE it since you ARE NOT AUTHORIZED  to use, disclose,
distribute, print or copy all or part of the contained information. Thank
you.  

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message