dcsimg
How can I provide for a "logout" mechanism after the user is logged in using HTTP BASIC or HTTP FORM authentication?
1 posts in topic
Flat View  Flat View
TOPIC ACTIONS:
 

Posted By:   neal_ravindran
Posted On:   Tuesday, August 26, 2003 09:28 PM

How can I provide for a "logout" mechanism after the user is logged in using HTTP BASIC or HTTP FORM authentication? Is there such a concept? Would invalidating the session work in this regard

Re: How can I provide for a "logout" mechanism after the user is logged in using HTTP BASIC or HTTP FORM authentication?

Posted By:   Anonymous  
Posted On:   Tuesday, August 26, 2003 11:17 PM

If you invalidate the session, all session data would be lost. This could be enough for the purpose of logging out a user logged on using HTTP FORM (if authentication data is stored in session).


On the other hand, HTTP BASIC is quite different, since the authentication information is send by the browser. That means, that if you invalidate the session user data will be lost, but if the user tries to continue in your application, he will be able to do that, since the browser continues send authentication information.


One workaorund could be the close of the browser window after invalidating the session using JavaScript.


Hope it helps,

David

About | Sitemap | Contact