
List:       apache-modperl
Subject:    Re: Disconnection from basic auth
From:       Abhijit Hoskeri <abhijit () deeproot ! co ! in>
Date:       2007-08-23 5:36:12
Message-ID: 20070823052411.GA3213 () deeproot ! co ! in

On Thu, Aug 23, 2007 at 12:11:37AM -0500, William A. Rowe, Jr. wrote:
> Geoffrey Young wrote:
> > 
> > Matthieu FEREYRE wrote:
> >> I use a basic authentication (Apache2::Access) which works fine, but my 
> >> question is:
> >> How do I disconnect users ?
> > 
> > the short answer is that you can't.  this is why you don't see popup
> > authentication anywhere anymore :)
> > 
> > "When you determine that the client should stop using the
> > credentials/session key, the server can tell the client to delete the
> > cookie. Letting users "log out" is a notoriously impossible-to-solve
> > problem of AuthBasic."
> 

Or you could force the user to connect to the same resource under a
different "dummy" username, named, say, logout, with no privileges, but
under the same AuthRealm.

Then their old 'connection' to that resource under their own ID will be
forgotten by the browser, and (as far as I know) the server too. This is
a pretty foolproof solution, I think.

-Abhijit
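
One way to configure the dummy-user approach described in this message, as an added example that is not part of the original e-mail. It assumes Apache httpd 2.4 authorization syntax; the URL paths, realm name and htpasswd file location are hypothetical.

```apache
# Hypothetical paths and realm name; the "logout" account follows the
# message above. Both sections use the same AuthName so the browser sees
# one realm and replaces its cached credentials when the user
# authenticates as "logout".

<Location "/private">
    AuthType Basic
    AuthName "Members"
    AuthBasicProvider file
    AuthUserFile "/etc/apache2/members.htpasswd"
    # Every real account is accepted; the dummy account has no access here.
    <RequireAll>
        Require valid-user
        Require not user logout
    </RequireAll>
</Location>

<Location "/private/logout">
    AuthType Basic
    AuthName "Members"
    AuthBasicProvider file
    AuthUserFile "/etc/apache2/members.htpasswd"
    # Only the dummy account is accepted. A browser still sending the
    # user's real credentials gets a 401 and prompts again.
    Require user logout
</Location>
```

Apache checks the Authorization header on every request and keeps no Basic-auth session, so the logout takes effect only once the browser has replaced its cached credentials with the dummy ones. How a given browser caches credentials per realm is an assumption to verify against the clients in use.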