Question...

[Ron Beck <rb...@tqtx.com>]

Hello all,
I need to know how to clear the $ENV variables.  For example, I use a
.htaccess file for specific directories which requires the user to enter
userID and password.  When they exit the page, I want them to have to
re-enter userID and passwd if they enter the page again.  Does anyone
know how this is accomplished?

TIA,
Ron

Re: Question...

[Rodney Hampton <rh...@uniphied.com>]

Actually, you can use the onUnload handler in the body tag.
http://developer.netscape.com/docs/manuals/communicator/jsref/evnt24.htm

Rodney Hampton

Jon Robison wrote:
> 
> On page leave?  Well I think you can of course use javascript on all the
> links on the page, but I don't believe you can do much about the user
> typing in a new url in the browser. . .
> but that's just IMHO.
> 
> --Jon
> 
> Ryan Parr wrote:
> >
> > I think I'm missing something...
> >
> > If you set a session cookie (i.e. one with no expiry time) then the cookie
> > will be deleted immediately upon browser close, forcing the user to login
> > again if they've closed their browser instance.
> >
> > If you don't use cookies and allow basic auth then the exact same behavior
> > is called, forcing the user to re-login only if they've closed that browser
> > instance.
> >
> > Is there someway to expire cookies on page leave, or is this the smartass
> > thing you were referring to? :)
> >
> > -- Ryan Parr
> >
> > ----- Original Message -----
> > From: "Jon Robison" <jr...@uniphied.com>
> > To: "Ron Beck" <rb...@tqtx.com>
> > Cc: <mo...@apache.org>
> > Sent: Tuesday, February 12, 2002 12:28 PM
> > Subject: Re: Question...
> >
> > > Cookies!
> > >
> > > /me is in smartass mode today.
> > >
> > > --Jon
> > >
> > > Ron Beck wrote:
> > > >
> > > > Hello all,
> > > > I need to know how to clear the $ENV variables.  For example, I use a
> > > > .htaccess file for specific directories which requires the user to enter
> > > > userID and password.  When they exit the page, I want them to have to
> > > > re-enter userID and passwd if they enter the page again.  Does anyone
> > > > know how this is accomplished?
> > > >
> > > > TIA,
> > > > Ron

Re: Question...

[Jon Robison <jr...@uniphied.com>]

On page leave?  Well I think you can of course use javascript on all the
links on the page, but I don't believe you can do much about the user
typing in a new url in the browser. . .
but that's just IMHO.

--Jon


Ryan Parr wrote:
> 
> I think I'm missing something...
> 
> If you set a session cookie (i.e. one with no expiry time) then the cookie
> will be deleted immediately upon browser close, forcing the user to login
> again if they've closed their browser instance.
> 
> If you don't use cookies and allow basic auth then the exact same behavior
> is called, forcing the user to re-login only if they've closed that browser
> instance.
> 
> Is there someway to expire cookies on page leave, or is this the smartass
> thing you were referring to? :)
> 
> -- Ryan Parr
> 
> ----- Original Message -----
> From: "Jon Robison" <jr...@uniphied.com>
> To: "Ron Beck" <rb...@tqtx.com>
> Cc: <mo...@apache.org>
> Sent: Tuesday, February 12, 2002 12:28 PM
> Subject: Re: Question...
> 
> > Cookies!
> >
> > /me is in smartass mode today.
> >
> > --Jon
> >
> > Ron Beck wrote:
> > >
> > > Hello all,
> > > I need to know how to clear the $ENV variables.  For example, I use a
> > > .htaccess file for specific directories which requires the user to enter
> > > userID and password.  When they exit the page, I want them to have to
> > > re-enter userID and passwd if they enter the page again.  Does anyone
> > > know how this is accomplished?
> > >
> > > TIA,
> > > Ron

Re: Question...

[Steve Piner <st...@marketview.co.nz>]

Do you need to expire the cookie when you leave the page? How about the
following.

When they login, you send down a cookie. when they go to that page, you
check the cookie they sent, but send out a new value for that cookie,
invalidating it. So when they leave that page they send back your
invalid cookie.

When they go back to the page, they'll send the invalid cookie, and you
can then prompt them to log in or whatever.

You'll get the invalid cookie sent back for images on that page, but
that usually isn't a problem.

Steve Piner


Ryan Parr wrote:
> 
> I think I'm missing something...
> 
> If you set a session cookie (i.e. one with no expiry time) then the cookie
> will be deleted immediately upon browser close, forcing the user to login
> again if they've closed their browser instance.
> 
> If you don't use cookies and allow basic auth then the exact same behavior
> is called, forcing the user to re-login only if they've closed that browser
> instance.
> 
> Is there someway to expire cookies on page leave, or is this the smartass
> thing you were referring to? :)
> 
> -- Ryan Parr
> 
> ----- Original Message -----
> From: "Jon Robison" <jr...@uniphied.com>
> To: "Ron Beck" <rb...@tqtx.com>
> Cc: <mo...@apache.org>
> Sent: Tuesday, February 12, 2002 12:28 PM
> Subject: Re: Question...
> 
> > Cookies!
> >
> > /me is in smartass mode today.
> >
> > --Jon
> >
> > Ron Beck wrote:
> > >
> > > Hello all,
> > > I need to know how to clear the $ENV variables.  For example, I use a
> > > .htaccess file for specific directories which requires the user to enter
> > > userID and password.  When they exit the page, I want them to have to
> > > re-enter userID and passwd if they enter the page again.  Does anyone
> > > know how this is accomplished?
> > >
> > > TIA,
> > > Ron

RE: Question...

[Burak Gürsoy <je...@yahoo.com>]

you can use sessions... there are some modules for this. Forexample,
Apache::ASP has the $Session object... or you can use javascript to delete
the cookie (maybe)

-----Original Message-----
From: Ryan Parr [mailto:ryanparr@cableone.net]
Sent: Wednesday, February 13, 2002 11:00 AM
To: Jon Robison; Ron Beck
Cc: modperl@apache.org
Subject: Re: Question...


I think I'm missing something...

If you set a session cookie (i.e. one with no expiry time) then the cookie
will be deleted immediately upon browser close, forcing the user to login
again if they've closed their browser instance.

If you don't use cookies and allow basic auth then the exact same behavior
is called, forcing the user to re-login only if they've closed that browser
instance.

Is there someway to expire cookies on page leave, or is this the smartass
thing you were referring to? :)

-- Ryan Parr

----- Original Message -----
From: "Jon Robison" <jr...@uniphied.com>
To: "Ron Beck" <rb...@tqtx.com>
Cc: <mo...@apache.org>
Sent: Tuesday, February 12, 2002 12:28 PM
Subject: Re: Question...


> Cookies!
>
> /me is in smartass mode today.
>
> --Jon
>
> Ron Beck wrote:
> >
> > Hello all,
> > I need to know how to clear the $ENV variables.  For example, I use a
> > .htaccess file for specific directories which requires the user to enter
> > userID and password.  When they exit the page, I want them to have to
> > re-enter userID and passwd if they enter the page again.  Does anyone
> > know how this is accomplished?
> >
> > TIA,
> > Ron


_________________________________________________________
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com

Re: Question...

[Ryan Parr <ry...@cableone.net>]

I think I'm missing something...

If you set a session cookie (i.e. one with no expiry time) then the cookie
will be deleted immediately upon browser close, forcing the user to login
again if they've closed their browser instance.

If you don't use cookies and allow basic auth then the exact same behavior
is called, forcing the user to re-login only if they've closed that browser
instance.

Is there someway to expire cookies on page leave, or is this the smartass
thing you were referring to? :)

-- Ryan Parr

----- Original Message -----
From: "Jon Robison" <jr...@uniphied.com>
To: "Ron Beck" <rb...@tqtx.com>
Cc: <mo...@apache.org>
Sent: Tuesday, February 12, 2002 12:28 PM
Subject: Re: Question...


> Cookies!
>
> /me is in smartass mode today.
>
> --Jon
>
> Ron Beck wrote:
> >
> > Hello all,
> > I need to know how to clear the $ENV variables.  For example, I use a
> > .htaccess file for specific directories which requires the user to enter
> > userID and password.  When they exit the page, I want them to have to
> > re-enter userID and passwd if they enter the page again.  Does anyone
> > know how this is accomplished?
> >
> > TIA,
> > Ron

Re: Question...

[Jon Robison <jr...@uniphied.com>]

Cookies!

/me is in smartass mode today.

--Jon

Ron Beck wrote:
> 
> Hello all,
> I need to know how to clear the $ENV variables.  For example, I use a
> .htaccess file for specific directories which requires the user to enter
> userID and password.  When they exit the page, I want them to have to
> re-enter userID and passwd if they enter the page again.  Does anyone
> know how this is accomplished?
> 
> TIA,
> Ron

Re: Question...

[Uwe Voelker <uw...@gmx.de>]

> I need to know how to clear the $ENV variables.  For example, I use a
> .htaccess file for specific directories which requires the user to enter
> userID and password.  When they exit the page, I want them to have to
> re-enter userID and passwd if they enter the page again.  Does anyone
> know how this is accomplished?


Clearing %ENV will not work. You have to send a 403 response.

Uwe