Thanks for the reply.

Yes, I am using the "AuthType Basic" Apache directive within a <Location
/directory> tag, and I am neither setting a cookie nor using JavaScript for
the user ID and password.

In Basic Authentication, when a request is made to a URI, the web server
returns an HTTP 401 unauthorized status code to the client:

HTTP/1.1 401 Authorization Required

This tells the client to supply a username and password. Included in the 401
status code is the authentication header. The client requests the username
and password from the user, typically in a dialog box. The client browser
concatenates the username and password using a ":" separator and base64
encodes the string. A second request is then made for the same resource,
including the encoded username/password string in the authorization headers.

I hope this will give you an idea of what I am trying to do.

Right now the problem is that I could not find any mechanism available to the
server to cause the browser to 'logout'; that is, to discard its stored
credentials for the user.

Thanks

> Date: Tue, 2 Sep 2008 17:21:41 -0500
> From: [EMAIL PROTECTED]
> To: users@httpd.apache.org
> Subject: Re: [EMAIL PROTECTED] Is there any way that allows user to
> logout while using basic apache webserver authentication ?
>
> jaweed ali wrote:
> > Hi
> > I have Apache with basic authentication set up with LDAP for users'
> > credentials. Apache allows me to log in on the server, but once a user
> > logs in to the web application and then even closes the browser, the
> > browser still has the authentication session saved. And the next time,
> > if you just visit the same site, the browser itself passes the
> > uid/password to log in to the website, which is really a security issue,
> > so anyone can access the site from the PC.
> > I also performed a scenario such as:
> > 1: I set up my site as www.mysite.com/site
> > <http://www.mysite.com/site> and set up user1/passwd as the uid/password
> > to access it.
> > 2: On the other hand, I set up another directory, say
> > www.mysite.com/logout <http://www.mysite.com/logout>, and configured it
> > to authenticate logout/logout as the userid/password.
> >
> > If I access www.mysite.com/site <http://www.mysite.com/site> by
> > passing user1/passwd, it successfully logs in.
> > After that, I access www.mysite.com/logout
> > <http://www.mysite.com/logout> with logout/logout successfully, but
> > the problem is that
> > if I just access www.mysite.com/site <http://www.mysite.com/site>, it
> > just allows me to log in without asking for the user ID and password,
> >
> > so this way also does not provide a way to secure the site.
> >
> > Is there any way that I can follow to secure my site, or is there no
> > way to secure a site with Apache when using basic authentication?
> >
> > Thanks
>
> Are you using the "AuthType Basic" Apache directive or are you
> authenticating the user via another means (such as a script that prompts
> for the username and password, then saves it in a cookie)?
>
> If it is the former, then there is no standard way to allow the user to
> "logout". Some browsers (i.e. Firefox) have plug-ins available that will
> allow you to clear the HTTP authentication information, but they do not
> come with the browser. When you close the browser, it automatically
> clears this authentication information. Are you SURE that you closed ALL
> browser windows?
>
> If it is the latter (which actually sounds more likely, since you say
> the user is going to www.mysite.com/logout), then your code is probably
> setting a cookie with an expiration date in the future. The logout page
> is not properly clearing that cookie, so when you reopen the browser, the
> cookie is found and the user is automatically logged in. You would need
> to adjust your code so that it creates a cookie that is only active for
> the current session.
>
> Justin Pasher
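
The Basic authentication exchange and the /site and /logout test described in this thread, modelled as an added Python sketch that is not part of the original messages. It assumes each directory has its own realm (named after its path here) and uses a simplified browser that caches one Authorization value per realm; `server`, `Browser` and `scenario` are hypothetical names.

```python
import base64
import hmac

# Constructed setup mirroring the thread: two protected directories,
# each with its own login (realm name == path is an assumption).
AREAS = {"/site": ("user1", "passwd"), "/logout": ("logout", "logout")}

def server(path, headers):
    """Stateless: each request is judged only on its own Authorization header."""
    user, pw = AREAS[path]
    expected = "Basic " + base64.b64encode(f"{user}:{pw}".encode()).decode()
    sent = headers.get("Authorization", "")
    if hmac.compare_digest(sent.encode(), expected.encode()):
        return 200, {}
    # The challenge names a realm but carries nothing that could revoke a login.
    return 401, {"WWW-Authenticate": f'Basic realm="{path}"'}

class Browser:
    """Simplified client: caches one Authorization value per realm and replays it."""
    def __init__(self):
        self.cache = {}    # realm -> header value, held in memory by the client
        self.prompts = 0   # number of times the login dialog was shown

    def get(self, path, typed):
        # `typed` is (username, password) the user enters if a dialog appears.
        headers = {}
        if path in self.cache:
            headers["Authorization"] = self.cache[path]
        status, resp = server(path, headers)
        if status == 401:
            realm = resp["WWW-Authenticate"].split('"')[1]
            self.prompts += 1
            token = base64.b64encode(":".join(typed).encode()).decode()
            headers = {"Authorization": "Basic " + token}
            status, _ = server(path, headers)
            if status == 200:
                self.cache[realm] = headers["Authorization"]
        return status

def scenario():
    b = Browser()
    b.get("/site", ("user1", "passwd"))     # 401, dialog, then 200
    b.get("/logout", ("logout", "logout"))  # separate realm: new dialog, 200
    status = b.get("/site", ("", ""))       # cached header replayed, no dialog
    return status, b.prompts

if __name__ == "__main__":
    print(scenario())
```

The server keeps no session it could invalidate: the only copy of the login state is the header the client chooses to resend.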