You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by Bob Herrmann <bo...@jadn.com> on 2002/08/30 00:34:19 UTC
[5] Session.logout()
The JSP spec 2.4 gives us Session.logout(), what do we do when using
Basic authentication? Once challenged, the web browser keeps passing
the user/pass (right?) so any ideas about how to get the browser to
re-challenge the end user? (change the domain?)
Cheers,
-bob
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
Re: [5] Session.logout()
Posted by Patrick Luby <pa...@sun.com>.
Bob,
You are correct that browsers keep passing the user/pass with each
request. As for getting the browser to rechallenge, that is very tricky
and would be hacky at best.
I would expect that when Basic authentication is used and the last
request caused Session.logout() to called, the next request (which will
contain a valid user/pass), will effectively log the user in.
Trying to make Basic authentication act exactly like FORM authentication
is probably not realistic as the display of user/pass input screen is
browser dependent. Effectively, the user is silently logging back in
with the next visit. I believe that this still complies with the spec. I
suspect that the real problem may be that the bug submitter's
interpretation of the spec may be a bit inaccurate.
Patrick
Bob Herrmann wrote:
> The JSP spec 2.4 gives us Session.logout(), what do we do when using
> Basic authentication? Once challenged, the web browser keeps passing
> the user/pass (right?) so any ideas about how to get the browser to
> re-challenge the end user? (change the domain?)
>
>
> Cheers,
> -bob
>
>
> --
> To unsubscribe, e-mail: <ma...@jakarta.apache.org>
> For additional commands, e-mail: <ma...@jakarta.apache.org>
--
________________________________________________________________
Patrick Luby Email: patrick.luby@sun.com
Sun Microsystems Phone: 408-276-7471
901 San Antonio Road, USCA14-303
Palo Alto, CA 94303-4900
________________________________________________________________
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>