tomcat-users mailing list archives

From "G. Wade Johnson" <wade.john...@abbnm.com>
Subject Re: logout and login again
Date Mon, 19 May 2003 13:40:09 GMT
At the moment, I don't know of any. However, I am not currently
depending on that behavior.<grin/>

G. Wade

> "Mayne, Peter" wrote:
> 
> Do you know of any browsers that don't send the basic authentication
> header with every request?
> 
> Your last paragraph is an excellent generalisation. :-)
> 
> PJDM
> --
> Peter Mayne
> Technology Consultant
> Spherion Technology Solutions
> Level 1, 243 Northbourne Avenue, Lyneham, ACT, 2602
> T: 61 2 62689727  F: 61 2 62689777
> 
> > -----Original Message-----
> > From: G. Wade Johnson [mailto:wade.johnson@abbnm.com]
> > Sent: Saturday, 17 May 2003 12:00 AM
> > To: Tomcat Users List
> > Subject: Re: logout and login again
> >
> >
> > Almost... From RFC 2617,
> >
> >    A client SHOULD assume that all paths at or deeper than the depth of
> >    the last symbolic element in the path field of the Request-URI also
> >    are within the protection space specified by the Basic realm value of
> >    the current challenge. A client MAY preemptively send the
> >    corresponding Authorization header with requests for resources in
> >    that space without receipt of another challenge from the server.
> >
> > So the browser may send the userid and password each time (if the
> > request is deeper in the tree), but it's not required to.
> >
> > In other words, if you don't want the browser to do this...it will,
> > and if you rely on the browser to do this...a browser somewhere won't.
> > <grin/>
> >
> > G. Wade
> >
> >
> > > "Mayne, Peter" wrote:
> > >
> > > Not quite. When basic authentication is used, the browser sends the
> > > username/password with every request. Invalidating the session will
> > > not cause the server to rerequest the authentication, because the
> > > browser sends it anyway.
> > >
> > > Obviously, invalidating the session at the server will have no effect,
> > > because authentication happens without user intervention on every
> > > request subsequent to the initial login.
> > >
> > > There is no way to stop the browser sending the username/password with
> > > basic authentication, so stopping and starting it is the only thing to
> > > do.
> > >
> > > PJDM
> > > --
> > > Peter Mayne
> > > Technology Consultant
> > > Spherion Technology Solutions
> > > Level 1, 243 Northbourne Avenue, Lyneham, ACT, 2602
> > > T: 61 2 62689727  F: 61 2 62689777
> > >
> > > > -----Original Message-----
> > > > From: G. Wade Johnson [mailto:wade.johnson@abbnm.com]
> > > > Sent: Friday, 16 May 2003 12:47 AM
> > > > To: Tomcat Users List
> > > > Subject: Re: logout and login again
> > > >
> > > >
> > > > One surprise with the BASIC authentication is that the browser retains
> > > > the userid and password you enter until it is restarted.
> > > >
> > > > When you invalidate the session, your server will rerequest the basic
> > > > authentication from the browser. The browser finds that it already has
> > > > a userid and password for this server/realm combination and sends it
> > > > without bothering the end user.
> > > >
> > > > G. Wade
> > > >
> > > > Werner van Mook wrote:
> > > > >
> > > > > Hi,
> > > > >
> > > > > > I'm new to this list so forgive me if this question has been asked
> > > > > > before
> > > > > > (although I couldn't find it in the archives).
> > > > > >
> > > > > > I have a web app for which a user has to log in with a name and
> > > > > > password.
> > > > > > I give the users a way to logout by invalidating the current session.
> > > > > >
> > > > > > Now it should be possible to go back to the page where you have to log
> > > > > > in and ask for the name and password.
> > > > > >
> > > > > > This will not work for me. My browser does not show a login window.
> > > > > > It only shows it when I restart my browser.
> > > > > >
> > > > > > I use basic authentication with the standard tomcat memory realm.
> > > > > >
> > > > > > I hope I'm clear in my story.
> > > > > >
> > > > > > Can anybody point me in the right direction?
> > > > >
> > > > > Werner
> > > > >
> > > > >
> > > >
> > >
> >
> ---------------------------------------------------------------------
> > > > > To unsubscribe, e-mail:
> > tomcat-user-unsubscribe@jakarta.apache.org
> > >
> > > > > For additional commands, e-mail:
> > > tomcat-user-help@jakarta.apache.org
> > > >
> > > >
> > >
> >
> ---------------------------------------------------------------------
> > > > To unsubscribe, e-mail:
> tomcat-user-unsubscribe@jakarta.apache.org
> > > > For additional commands, e-mail:
> > tomcat-user-help@jakarta.apache.org
> > >
> > > >
> > >
> > > The information contained in this email and any attachments to it:
> 
> > >
> > > (a) may be confidential and if you are not the intended
> > recipient, any interference with,
> > > use, disclosure or copying of this material is unauthorised
> > and prohibited; and
> > >
> > > (b) may contain personal information of the recipient
> > and/or the sender as defined
> > > under the Privacy Act 1988 (Cth). Consent is hereby given
> > by the recipient(s) to
> > > collect, hold and use such information and any personal
> > information contained in a
> > > response to this email, for any reasonable purpose in the
> > ordinary course of
> > > Spherion's
> > > business, including forwarding this email internally or
> > disclosing it to a third party. All
> > > personal information collected by Spherion will be handled
> > in accordance with
> > > Spherion's Privacy Policy. If you have received this email
> > in error, please notify the
> > > sender and delete it.
> > >
> > > (c) you agree not to employ or arrange employment for any
> > candidate(s) supplied in
> > > this email and any attachments without first entering into
> > a contractual agreement with
> > > Spherion. You further agree not to divulge any information
> > contained in this document
> > > to any person(s) or entities without the express permission
> > of Spherion.
> > >
> > >
> ---------------------------------------------------------------
> > >
> >
> ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> 
> > > For additional commands, e-mail:
> tomcat-user-help@jakarta.apache.org
> >
> >
> ---------------------------------------------------------------------
> > To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> > For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> 
> >
> 
> The information contained in this email and any attachments to it:
> 
> (a) may be confidential and if you are not the intended recipient, any interference with,
> use, disclosure or copying of this material is unauthorised and prohibited; and
> 
> (b) may contain personal information of the recipient and/or the sender as defined
> under the Privacy Act 1988 (Cth). Consent is hereby given by the recipient(s) to
> collect, hold and use such information and any personal information contained in a
> response to this email, for any reasonable purpose in the ordinary course of
> Spherion's
> business, including forwarding this email internally or disclosing it to a third party.
All
> personal information collected by Spherion will be handled in accordance with
> Spherion's Privacy Policy. If you have received this email in error, please notify the
> sender and delete it.
> 
> (c) you agree not to employ or arrange employment for any candidate(s) supplied in
> this email and any attachments without first entering into a contractual agreement with
> Spherion. You further agree not to divulge any information contained in this document
> to any person(s) or entities without the express permission of Spherion.
> 
>     ---------------------------------------------------------------
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
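
The behaviour discussed in this thread, as an added example that is not part of the original messages and is not Tomcat code: an in-memory simulation of a server that pairs BASIC authentication with a session, and a client that caches credentials for the protection space quoted from RFC 2617. The `Server`, `Browser` and `demo` names, the paths and the credentials are constructed for illustration.

```python
import base64

class Server:  # constructed stand-in for a container doing BASIC auth plus sessions
    USERS = {"werner": "s3cret"}                # constructed sample credentials
    def __init__(self):
        self.sessions, self.count = set(), 0
    def handle(self, headers):
        auth = headers.get("Authorization", "")
        if auth.startswith("Basic "):
            user, _, pw = base64.b64decode(auth[6:]).decode().partition(":")
            if self.USERS.get(user) == pw:
                sid = headers.get("Cookie")
                if sid not in self.sessions:    # no live session: create one
                    self.count += 1
                    sid = f"S{self.count}"
                    self.sessions.add(sid)
                return 200, sid
        return 401, None                        # stands for the 401 challenge
    def invalidate(self, sid):                  # what the logout link does
        self.sessions.discard(sid)

class Browser:  # client that caches credentials per protection space (RFC 2617)
    def __init__(self, server):
        self.server, self.cache, self.cookie, self.prompts = server, {}, None, 0
    def get(self, path, ask_user):
        # Reuse credentials for paths at or deeper than an authenticated one.
        cred = next((c for p, c in self.cache.items() if path.startswith(p)), None)
        headers = {"Cookie": self.cookie} if self.cookie else {}
        if cred:
            headers["Authorization"] = cred     # preemptive send, no prompt
        status, sid = self.server.handle(headers)
        if status == 401 and cred is None:      # only now is the user asked
            self.prompts += 1
            user, pw = ask_user()
            cred = "Basic " + base64.b64encode(f"{user}:{pw}".encode()).decode()
            status, sid = self.server.handle({"Authorization": cred})
            if status == 200:
                self.cache[path.rsplit("/", 1)[0] + "/"] = cred
        self.cookie = sid or self.cookie
        return status

def demo():
    srv = Server()
    b, ask = Browser(srv), (lambda: ("werner", "s3cret"))
    b.get("/app/index.jsp", ask)                # user is prompted once
    old = b.cookie
    srv.invalidate(old)                         # "logout" on the server
    status = b.get("/app/secure/page.jsp", ask) # silently re-authenticated
    return status, b.prompts, b.cookie != old
```

`demo()` returns the status of the request made after the session was invalidated, the number of times the user was prompted, and whether a new session replaced the old one.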

