> I am using PHP to send a header to the browser requestiing authentication.
> On a successful login i am tracking inactivity by the client and want to
> expire the login once a timeout period is reached. Problem is if the
session
> expires and the user just refreshes then the orignal login details are
> passed to the script. How do I get the client to forget the previous login
> details?
You can't. It's just not part of the HTTP spec, and you'd have to convince
Microsoft, Netscape, Opera, etc to implement.
I believe you can use a different REALM after the the user is expired, and
then the username/password presented will not be valid.
This requires that you have a scheme for tracking various REALMs to present
to browser in your HTTP Authentication, so you never re-present the same one
twice to any given user.
Getting this right can be a bit tricky, but it's been done, and it's been
posted at least once, so it's in the archives...
--
WARNING [EMAIL PROTECTED] address is an endangered species -- Use
[EMAIL PROTECTED]
Wanna help me out? Like Music? Buy a CD: http://l-i-e.com/artists.htm
Volunteer a little time: http://chatmusic.com/volunteer.htm
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
