perl-modperl mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Abhijit Hoskeri <abhi...@deeproot.co.in>
Subject Re: Disconnection from basic auth
Date Thu, 23 Aug 2007 05:24:12 GMT
On Thu, Aug 23, 2007 at 12:11:37AM -0500, William A. Rowe, Jr. wrote:
> Geoffrey Young wrote:
> > 
> > Matthieu FEREYRE wrote:
> >> I use a basic authentification (Apache2::Access) wich works fine, but my 
> >> question is :
> >> How do I disconnect users ?
> > 
> > the short answer is that you can't.  this is why you don't see popup
> > authentication anywhere anymore :)
> > 
> > "When you determine that the client should stop using the
> > credentials/session key, the server can tell the client to delete the
> > cookie. Letting users "log out" is a notoriously impossible-to-solve
> > problem of AuthBasic."
> 

Or you could force the user to connect to the same resource under a
different "dummy" username, named, say logout, with no privileges, but
under the same AuthRealm. 

Then their old 'connection' to that resource under their own ID will be
forgotten by the browser, and (as far as I know) the server too. This is
a pretty fool proof solution, I think.

-Abhijit

Mime
View raw message