perl-modperl mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ryan Gies <r...@livesite.net>
Subject Looking for a way to identify a retry-with-authorization request
Date Tue, 06 Nov 2007 20:36:38 GMT
Any chance there is a methodology with which I may identify
when a browser is sending me a retry-with-authorization request?

Intention: To issue a response which ultimately brings up the
browser's log-in dialog.  Yes, I'm trying to implement the already
well-known inability to 'log-out' after browser authentication.

The issue: To quote RFC 2616 sec 14.8

  A user agent that wishes to authenticate itself with a server--
  usually, but not necessarily, after receiving a 401 response--does
  so by including an Authorization request-header field with the
  request.

I cannot differentiate between this 'including an Authorization
request-header' and a request where the log-in dialog was
displayed and the user entered their user-name and password.  Both are
responses to 401 server-response.

The only way (and it is not even near acceptable) would be to use the
elapsed time between the 401 response and the subsequent request.

I appreciate any help but expect answer is both 'we already told you
that can't be done' and 'no you can't do it.'

-Ryan

Mime
View raw message