jaweed ali wrote:
Thanks for reply
Yes i am using the "AuthType Basic" Apache directive with
in <Locatgion /directory> tage
And i am niether setting cookie not using javascripting for user id
and password.
In Basic Authentication When a request is made to a URI, the web
server returns a HTTP 401 unauthorized status code to the client:
HTTP/1.1 401 Authorization Required This tells the client to supply a
username and password. Included in the 401 status code is the
authentication header. The client requests the username and password
from the user, typically in a dialog box. The client browser
concatenates the username and password using a ":" separator and base
64 encodes the string. A second request is then made for the same
resource including the encoded username password string in the
authorization headers.
I hope this wil give you an idea what i am trying to do
Right now the problem is that i could not find any mechanism available
to the server to cause the browser to 'logout'; that is, to discard
its stored credentials for the user.
Thanks
If you are using AuthType Basic, then that is one of the limitations.
There is no mechanism to tell the browser to "logout". The browser is
simply sending the authentication information via the headers when
making the HTTP request. When you close all of the browser windows, it
will forget the authentication information and "logout". Some browsers,
like Firefox, have plug-ins that allow you to clear the HTTP
authentication information, but you cannot do it from the server side.
Justin Pasher
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
" from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
