Re: [vox] Semi-OT: HTML, HTTP, authentication, revocation of auth
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [vox] Semi-OT: HTML, HTTP, authentication, revocation of auth
On Wed, Aug 07, 2002 at 10:17:16AM -0700, ME wrote:
>
> There is something with web browsers with HTTP that has caused me to to
> wonder about authentication ever since the early days with Mosaic. It has
> bugged me, but never enough to really work at researching it - until now.
<snip>
This is really more of a vox-tech question, but I'll keep my response
here, since it's brief.
<snip>
> their authentication is cached in the memory used by their local
> browser. While the browser is left running, any user using that browser
> session can walk through any other part of that site or posibly other
> similar sites without being prompted for a username and password again.
You MAY be able to send regular HTTP headers (via CGI or something)
telling them (the browser) that the password is incorrect, even if it
isn't. That would probably cause the browser to pop up the auth. window
where it can be checked again. (Have the website decide to do this
after a certain amount of time or idle time...)
-bill!
_______________________________________________
vox mailing list
vox@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox
|
