perl-modperl mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Adam Prime x443" <apr...@brunico.com>
Subject RE: Basic Authentication & logout
Date Wed, 22 Jun 2005 17:32:58 GMT

Ideally, you expire the session on the server (ie, in the DB), rather than by removing the
cookie.

Common hacks people use to remove cookies are setting the expiry in the past, or to +1s, or
simply to put invalid content into the cookie, which your auth mechanism will subsequently
disregard.  

Adam

-----Original Message-----
From: Simon Perreault [mailto:nomis80@lqt.ca]
Sent: Wednesday, June 22, 2005 12:26 PM
To: modperl@perl.apache.org
Subject: Re: Basic Authentication & logout


On Wednesday 22 June 2005 11:15, Andrea Palmeri wrote:
> My question is: how do I logout users which have been authenticated ?
> (responding to an html link)

This is basically impossible. People telling you otherwise are assuming that 
one browser's quirks are standard.

Mime
View raw message