Re: more mod_perl configuration woes

(logging out was the real reason for using Apache::AuthCookie and not just AuthBasic in apache ).

Logging out is possible with AuthBasic; just create a script that deliberately sends a 401 header and it will clear the browser's authentication cache. (Although looking at some other people's comments, this may be browser dependent...)

Comment on Re: more mod_perl configuration woes

Replies are listed 'Best First'.
Re: Re: more mod_perl configuration woes by valdez (Monsignor) on Mar 10, 2004 at 10:47 UTC
Some more infos about this: How do I log out? Since browsers first started implementing basic authentication, website administrators have wanted to know how to let the user log out. Since the browser caches the username and password with the authentication realm, as described earlier in this tutorial, this is not a function of the server configuration, but is a question of getting the browser to forget the credential information, so that the next time the resource is requested, the username and password must be supplied again. There are numerous situations in which this is desirable, such as when using a browser in a public location, and not wishing to leave the browser logged in, so that the next person can get into your bank account. However, although this is perhaps the most frequently asked question about basic authentication, thus far none of the major browser manufacturers have seen this as being a desirable feature to put into their products. Consequently, the answer to this question is, you can't. Sorry. cited from Frequently asked questions about basic auth of Apache 1.3 documentation. Ciao, Valerio	[reply]

Replies are listed 'Best First'.

Re: Re: more mod_perl configuration woes
by valdez (Monsignor) on Mar 10, 2004 at 10:47 UTC

Some more infos about this:

How do I log out?

Since browsers first started implementing basic authentication, website administrators have wanted to know how to let the user log out. Since the browser caches the username and password with the authentication realm, as described earlier in this tutorial, this is not a function of the server configuration, but is a question of getting the browser to forget the credential information, so that the next time the resource is requested, the username and password must be supplied again. There are numerous situations in which this is desirable, such as when using a browser in a public location, and not wishing to leave the browser logged in, so that the next person can get into your bank account.

However, although this is perhaps the most frequently asked question about basic authentication, thus far none of the major browser manufacturers have seen this as being a desirable feature to put into their products.

Consequently, the answer to this question is, you can't. Sorry.

Frequently asked questions about basic auth

Ciao, Valerio

[reply]