On Mon, 1 Nov 1999, Wyman Eric Miles wrote:
>
> I should have realized that. I managed to architect a kludge that sets
> the cookie but causes a fragment of the HTTP header to appear in the
> browser the first time. For now, I'm content with it.
>
> The next question is, when the cookie expires 2 hours later, the initial
> SecurID user/password has long since expired. How do I cause the module
> to force the basic auth dialogs again?
>
> $r -> note_basic_auth_failure;
> return AUTH_REQUIRED;
>
> Doesn't seem to work.
that's cause netscape, ie, etc, cache basic credentials. so even though a
401 code is sent to the client, they just reuse the existing
username/password in memory.