httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Justin Pasher <just...@newmediagateway.com>
Subject Re: [users@httpd] Is there any way that allows user to logout while using basic apache webserver authentication ?
Date Wed, 03 Sep 2008 14:25:38 GMT
jaweed ali wrote:
> Thanks for reply
> Yes i am  using the "AuthType Basic" Apache directive  with 
> in <Locatgion /directory> tage
>  And i am niether setting cookie not using javascripting for user id 
> and password.
>  
> In Basic Authentication When a request is made to a URI, the web 
> server returns a HTTP 401 unauthorized status code to the client:
> HTTP/1.1 401 Authorization Required This tells the client to supply a 
> username and password. Included in the 401 status code is the 
> authentication header. The client requests the username and password 
> from the user, typically in a dialog box. The client browser 
> concatenates the username and password using a ":" separator and base 
> 64 encodes the string. A second request is then made for the same 
> resource including the encoded username password string in the 
> authorization headers.
>  
> I hope this wil give you an idea what i am trying to do
>  
> Right now the problem is that i could not find any mechanism available 
> to the server to cause the browser to 'logout'; that is, to discard 
> its stored credentials for the user.
>  
> Thanks
>

If you are using AuthType Basic, then that is one of the limitations. 
There is no mechanism to tell the browser to "logout". The browser is 
simply sending the authentication information via the headers when 
making the HTTP request. When you close all of the browser windows, it 
will forget the authentication information and "logout". Some browsers, 
like Firefox, have plug-ins that allow you to clear the HTTP 
authentication information, but you cannot do it from the server side.

Justin Pasher

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message