Return-Path: Delivered-To: apmail-httpd-users-archive@www.apache.org Received: (qmail 39018 invoked from network); 31 Aug 2004 10:14:42 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199) by minotaur-2.apache.org with SMTP; 31 Aug 2004 10:14:42 -0000 Received: (qmail 82951 invoked by uid 500); 31 Aug 2004 10:14:25 -0000 Delivered-To: apmail-httpd-users-archive@httpd.apache.org Received: (qmail 82927 invoked by uid 500); 31 Aug 2004 10:14:24 -0000 Mailing-List: contact users-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: users@httpd.apache.org list-help: list-unsubscribe: list-post: Delivered-To: mailing list users@httpd.apache.org Received: (qmail 82896 invoked by uid 99); 31 Aug 2004 10:14:23 -0000 X-ASF-Spam-Status: No, hits=0.0 required=10.0 tests= X-Spam-Check-By: apache.org Received-SPF: pass (hermes.apache.org: local policy) Received: from [213.80.46.101] (HELO mail03.profundis.se) (213.80.46.101) by apache.org (qpsmtpd/0.28) with ESMTP; Tue, 31 Aug 2004 03:14:21 -0700 Received: from server02-a.profundis.se ([213.80.46.103] helo=PROFUNDIS01) by mail03.profundis.se with smtp (Exim 4.32) id I3B33R-001PLS-OK for users@httpd.apache.org; Tue, 31 Aug 2004 12:14:15 +0200 Message-ID: <12b101c48f43$4524d8c0$652e50d5@profundis.se> Reply-To: "Robert Andersson" From: "Robert Andersson" To: References: Date: Tue, 31 Aug 2004 12:14:14 +0200 Organization: Profundis MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1437 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1441 X-Virus-Checked: Checked Subject: Re: [users@httpd] LogOut X-Spam-Rating: minotaur-2.apache.org 1.6.2 0/1000/N Martinez Gonzalez, Francisco wrot: > I have a web aplication with HTTP basic authentification (headers). If I > want to login with another user, I have to close the browser and open > again. > > Is there anyway to make a logout without close/open the browser? Nope, because you haven't really logged on in the first place. Login/logout is terms used with sessions; HTTP and its Basic Authentication are stateless. What happens when you "login" is that you teach the browser your credentials so it can send them with each future request without querying you. In order to use other credentials in the same realm, you must make the browser forget the current ones. This is, of course, browser dependent. One complicated way that will often work is to temporary remove the user from the password file (or change the password) then have the browser make a request, which will fail. That will usually cause it to prompt the user again. A similar technique would be to change the realm name. However, even if it is possible to mimic sessions with Basic Auth, it is not what it was designed to do, so it will be dirty anyway you do it. Regards, Robert Andersson --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See for more info. To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org " from the digest: users-digest-unsubscribe@httpd.apache.org For additional commands, e-mail: users-help@httpd.apache.org