OSEC

 
From: UDP 53 (udp53_at_hotmail.com)
Date: Mon Nov 25 2002 - 05:13:02 CST


    I am looking at a web app which uses HTTP authentication (over SSL) for user
    login. No mechanism is employed for session state management, and the app
    relies upon the default browser behaviour (of resending the encoded
    authentication string with each subsequent request) in order to re-identify
    the user through their session. No form of timeout is enforced by the
    server.

    Does anyone know if it is possible to enforce any kind of server-side
    timeout in this set-up? I.e., is there a way for the server to instruct the
    browser to destroy the cached login credentials, so that the user must
    reauthenticate?

    UDP53
    =====
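The set-up the post describes (HTTP Basic auth, browser resending the encoded credentials on every request, no server-side state), with a server-side idle timeout layered on top, as an added Python example. This is not code from the poster or from any product; the user table, realm strings, timeout value and the `BasicAuthSessionGuard` class are constructed here for illustration. Note what it can and cannot do: HTTP gives the server no way to order a browser to discard cached Basic credentials. What the server can do is record when each user was last seen and, once the idle limit passes, answer 401 with a new realm string; browsers scope cached Basic credentials to the (origin, realm) pair, so a fresh realm forces a new prompt.

```python
import base64
import binascii
import hmac
import time

# Constructed demo credentials (not from the original post). A real deployment
# would verify against salted password hashes, never a plaintext table.
USERS = {"alice": "correct horse", "bob": "battery staple"}

IDLE_TIMEOUT = 15 * 60  # seconds of inactivity before re-authentication is forced


def basic_header(user, password):
    """Build the 'Authorization: Basic <base64(user:password)>' value a browser sends."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()


class BasicAuthSessionGuard:
    """Server-side idle timeout layered over stateless HTTP Basic auth.

    Basic auth has no session: the browser resends the Authorization header
    with each request (the behaviour the post describes), and the server
    re-identifies the user from it every time. This guard records the last
    time each user was seen; once the idle timeout passes it answers 401 with
    a rotated realm, which is the closest a server can get to "forget the
    cached login", since browsers key cached Basic credentials by realm.
    """

    def __init__(self, users, idle_timeout=IDLE_TIMEOUT, clock=time.monotonic):
        self.users = users
        self.idle_timeout = idle_timeout
        self.clock = clock          # injectable for testing
        self.last_seen = {}         # user -> timestamp of last accepted request
        self.realm_epoch = 0        # incremented to rotate the realm string

    def _parse_basic(self, header):
        """Return (user, password) from a 'Basic <b64>' value, or None if malformed."""
        if not header or not header.startswith("Basic "):
            return None
        try:
            raw = base64.b64decode(header[6:], validate=True).decode("utf-8")
        except (binascii.Error, UnicodeDecodeError):
            return None
        if ":" not in raw:
            return None
        user, _, password = raw.partition(":")
        return user, password

    def _credentials_ok(self, user, password):
        # Constant-time compare; unknown users compare against "" so the
        # code path does not leak which usernames exist via timing.
        expected = self.users.get(user, "")
        return hmac.compare_digest(expected, password) and user in self.users

    def _challenge(self, rotate):
        if rotate:
            self.realm_epoch += 1
        realm = f"app-{self.realm_epoch}"
        return 401, {"WWW-Authenticate": f'Basic realm="{realm}"'}, None

    def handle(self, headers):
        """Process one request. Returns (status, response_headers, authenticated_user)."""
        creds = self._parse_basic(headers.get("Authorization"))
        if creds is None or not self._credentials_ok(*creds):
            return self._challenge(rotate=False)
        user, _ = creds
        now = self.clock()
        last = self.last_seen.get(user)
        if last is not None and now - last > self.idle_timeout:
            # Idle too long: forget the server-side record and rotate the realm
            # so the browser's cached credentials for the old realm no longer
            # satisfy the challenge and the user is prompted again.
            del self.last_seen[user]
            return self._challenge(rotate=True)
        self.last_seen[user] = now
        return 200, {}, user


if __name__ == "__main__":
    fake_clock = [0.0]
    guard = BasicAuthSessionGuard(USERS, idle_timeout=10, clock=lambda: fake_clock[0])
    token = basic_header("alice", "correct horse")
    print(guard.handle({"Authorization": token}))   # accepted
    fake_clock[0] = 30.0                            # 30 s idle > 10 s limit
    print(guard.handle({"Authorization": token}))   # 401, realm rotated
    print(guard.handle({"Authorization": token}))   # accepted again after re-prompt
```

The realm is rotated globally rather than per user because the Authorization header carries no realm, so the server cannot tell which realm a browser cached; rotating it only affects clients whose browser receives the 401, and other users' cached credentials keep working. Whether a given browser drops its cache on a plain 401 without a realm change varies, which is why the example does not rely on that.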