Heiko Sommerfeldt wrote: > Can this mechanism be used to enforce a logout? My web site should > have a "logout/new login" link. When this link is activated, the > browser should ask for new login credentials.
It would not work reliable since for example, IE6 shows the login dialog with previously entered user name and password when the stale flag is set to false. I've seen logout links only in web applications using non-HTTP authentication so far. However I think a new published property that allows to set the lifetime of the nonce could be a improvement. -- Arno Garrels -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
