|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Craig Skelton (craig_at_craigskelton.com)
Date: Mon Nov 25 2002 - 09:28:05 CST
The auth string is initially sent to the browser from the server as a base64
encoded pair. From the server side, you can override the current auth
string by simply sending a new one. Send a blank string or a string with
invalid data, and you have effectively logged out the user...
One has to point out that this inherently means the connection must be
statefull in some way, since you must know when and who to
timeout.Therefore, I wonder why you would really want to stick with basic
http auth?
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]