|
>Apparently this is just hiding the content not actually signing them off. Unless Apache on iSeries works differently, there's nothing to "signoff". The first time a browser requests a page that's protected it doesn't send an authenticated header, and as such, the server kicks the request back with a 401 requesting authentication. The browser then asks the user for the username and password and then responds to the server by including an authentication header w/the username and password. All subsequent request also include the username and password. In reality each request is checked by the server and since the authentication header is already there (and valid) the content is served. How would you sign that off? There is no statefull session information there to signoff -- it's up to the browser to throw out the cached username and password. Now, sending a new 401 response may cause the browser to throw out it's cache of the old username and password, I'm not sure (and the answer would vary from browser to browser) but I don't see what you could do on the server to force it. Of course, if you didn't use native authentication and either rolled your own plugin for basic authentication, or went with something that was session based you'd be better off, but that is more work. -Walden ------------ Walden H Leverich III Tech Software (516) 627-3800 x3051 WaldenL@xxxxxxxxxxxxxxx http://www.TechSoftInc.com Quiquid latine dictum sit altum viditur. (Whatever is said in Latin seems profound.)
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.