On 05-Mar-01 Ken wrote:
> At 04:11 PM 3/5/01 +1300, Simon Garner wrote:
>>From: "Ken" <[EMAIL PROTECTED]>
>> > Why it's bad is that, if the user clicks "cancel", they are not logged
>>out. They have to manually clear the field, THEN OK, then they get prompted
>>AGAIN, THEN they hit cancel. That's nuts, and my users aren't going to
>>understand that.
>> >
>>
>>Why do they need to be able to log out?
>
> Because they are on a shared computer.
>
>>If the user doesn't want their password saved (e.g. they're on a public PC)
>>then they just uncheck the "Save password" box when logging in, and then
>>they can close the browser and be "logged out".
>>
>>If they want their password saved then they can check the "Save password"
>>box and not worry.
>
> Nope - with IE5.5, even with that box NOT checked, the user remains logged
> in until either a) the computer is restarted, or b) a new
> user-authentication header is sent, AND the user clears out the password
> field and hits OK. Otherwise the user stays logged in, in spite of the HTTP
> spec.
>
>>It sounds to me like you're trying to implement something that no users are
>>actually going to need or want...
>
> Nope, I'm working with a real client, who has multiple users on the same
> machine, and IE5.5 is installed on it, and, lo and behold, though the rest
> of the browsers work fine, IE5.5 has this awful bug.
>
>>However, if you want more control over the authentication process I suggest
>>making your own login form and using cookies, instead of HTTP
>>authentication. Then you can log users out just by unsetting the cookie(s).
>
> This is how I will wind up going, EXCEPT the users will be required to click
> "logout", since merely closing the browser, in IE5.5, does not seem to clear
> the user/password from the browser's memory, NOR does it clear any session
> cookie. Again, works fine in other browsers, per spec.
>
Is this a NT-Domain network ? It's been a few years since i was sysadmining,
but the user might have to log off the network domain/workgroup to
re-select the credential file (luser.pwl file or whatever Bill & the boys
from Redmond call it now).
But i'll agree that if IE keeps the authentication after you close the browser,
it _is_ borken.
Regards,
--
Don Read [EMAIL PROTECTED]
-- If you are going to sin, sin against God, not the bureaucracy.
God will forgive you but the bureaucrats won't.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
