tomcat-users mailing list archives

From "Mayne, Peter" <>
Subject RE: logout and login again
Date Fri, 16 May 2003 00:53:49 GMT
Not quite. When basic authentication is used, the browser sends the
username/password with every request. Invalidating the session will not
cause the server to rerequest the authentication, because the browser sends
it anyway.

Obviously, invalidating the session at the server will have no effect,
because authentication happens without user intervention on every request
subsequent to the initial login.

There is no way to stop the browser sending the username/password with basic
authentication, so stopping and starting it is the only thing to do.

Peter Mayne
Technology Consultant
Spherion Technology Solutions
Level 1, 243 Northbourne Avenue, Lyneham, ACT, 2602
T: 61 2 62689727  F: 61 2 62689777

> -----Original Message-----
> From: G. Wade Johnson [] 
> Sent: Friday, 16 May 2003 12:47 AM
> To: Tomcat Users List
> Subject: Re: logout and login again
> One surprise with the BASIC authentication is that the browser retains
> the userid and password you enter until it is restarted.
> When you invalidate the session, your server will rerequest the basic
> authentication from the browser. The browser finds that it already has
> a userid and password for this server/realm combination and sends it
> without bothering the end user.
> G. Wade
> Werner van Mook wrote:
> > 
> > Hi,
> > 
> > I'm new to this list so forgive me if this question has been asked
> > before.
> > (although I couldn't find it in the archives).
> > 
> > I have a web app for which a user has to log in with a name and
> > password.
> > I give the users a way to logout by invalidating the current session.
> > 
> > Now it should be possible to go back to the page where you have to log
> > in and ask for the name and password.
> > 
> > This will not work for me. My browser does not show a login window.
> > It only shows it when I restart my browser.
> > 
> > I use basic authentication with the standard tomcat memory realm.
> > 
> > I hope I'm clear in my story.
> > 
> > Can anybody point me in the right direction?
> > 
> > Werner

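The behaviour discussed in this thread, as an added example that is not part of the original messages and is not Tomcat code: a small Python model of a BASIC-protected server with sessions and a browser that caches credentials per realm. The names `Server`, `Browser`, `basic_user` and `demo`, the realm name and the user/password are constructed for illustration.

```python
import base64, secrets

REALM = "Example Realm"            # constructed realm name
USERS = {"werner": "s3cret"}       # constructed stand-in for a memory realm

def basic_user(value):
    """Return the user named by a valid 'Basic ...' Authorization value, else None."""
    scheme, _, blob = value.partition(" ")
    try:
        name, _, pw = base64.b64decode(blob).decode().partition(":")
    except ValueError:             # bad base64 or bad UTF-8
        return None
    return name if scheme == "Basic" and USERS.get(name) == pw else None

class Server:
    def __init__(self):
        self.sessions = {}         # session id -> username
    def handle(self, headers):
        user = basic_user(headers.get("Authorization", ""))
        if user is None:           # missing or bad credentials: challenge
            return 401, {"WWW-Authenticate": f'Basic realm="{REALM}"'}
        sid = headers.get("Cookie")
        if sid not in self.sessions:   # invalidated session: a new one is made silently
            sid = secrets.token_hex(8)
            self.sessions[sid] = user
        return 200, {"Set-Cookie": sid, "X-User": user}

class Browser:                     # caches BASIC credentials per realm until restarted
    def __init__(self, server, ask_user):
        self.server, self.ask_user = server, ask_user
        self.cached, self.cookie, self.prompts = {}, None, 0
    def get(self):
        headers = {"Cookie": self.cookie} if self.cookie else {}
        if REALM in self.cached:   # resent on every request, no user action
            headers["Authorization"] = self.cached[REALM]
        status, resp = self.server.handle(headers)
        if status == 401:          # the only point where a login window appears
            self.prompts += 1
            token = base64.b64encode(":".join(self.ask_user()).encode()).decode()
            self.cached[REALM] = headers["Authorization"] = "Basic " + token
            status, resp = self.server.handle(headers)
        self.cookie = resp.get("Set-Cookie", self.cookie)
        return status, resp.get("X-User")

def demo():
    browser = Browser(Server(), ask_user=lambda: ("werner", "s3cret"))
    first, old_sid = browser.get(), browser.cookie
    browser.server.sessions.pop(old_sid)   # application "logout": invalidate session
    second = browser.get()         # still 200, and the user is never asked again
    return first, second, browser.prompts, browser.cookie != old_sid
```

`demo()` shows the request after the logout succeeding under a fresh session id with the prompt count still at one, which is why the login window only reappears once the browser's credential cache is gone.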