W3C home > Mailing lists > Public > www-html@w3.org > August 1998

Re: log-out or time-out with HTTP Basic/Digest authentication

From: Tyrone Borromeo <TBORROME@ph.oracle.com>
Date: 15 Aug 98 17:26:11 +0800
Message-Id: <199808150927.AA071483247@plapla.ph.oracle.com>
To: owner-www-managers@lists.stanford.edu
Cc: www-servers@w3.org, www-html@w3.org, www-managers@lists.stanford.edu, www-security@ns2.Rutgers.EDU
Hello again. 

Thanks for the response, but how exactly do I use the scheme  
http://user:pwd@www.server.com/ ?

 I am sorry if this topic has been brought up before.  I am new in this mailing list.  Allow me to
introduce ... I am Tyrone Borromeo, technical consultant, Internet
Services/Electronic Commerce, Oracle Systems, Philippines.

Also, another problem I am encountering with HTTP authentication on the client side is
with MSIE 4.0.  I use multiple realms in which users can log into.  With Netscape, when a user
shifts from one realm to another with a separate login name, the server will fail the
previous log in and prompt to login again. So that's no problem, a user can shift from one
realm to another. But somehow, with IE, it does not fail the previous log in.  It accepts the
next login but keeping the previous one active. So the user is brought to the new realm and
cannot relogin to te previous one because it is considered active since the user already
logged into that realm.   Do you know how to avoid this?

By the way, I am using Oracle WebServer 2.1 on Windows NT 4.0. 


Tyrone Borromeo

attached mail follows:

>Can you force a log-out or a time-out with HTTP Basic/Digest authent=
>ication? I am
>trying to implement this kind of authentication for my site.

No, not from the server side since the client actually logs in for every
new request. There is no persistent connection to be logged out from
really. You could script the server to make it change the password
occasionally, but that may not be what you want.

From the client side, if you are "logged in" with one user/pwd pair you can
force your browser to forget this by using the scheme:



List archive: http://www-archive.stanford.edu/lists/www-managers.html
Mailing list manager command reference: http://lists.stanford.edu/
To unsubscribe: Send the message body of "unsubscribe www-managers" to
Received on Saturday, 15 August 1998 05:30:11 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 7 January 2015 15:05:48 UTC