At 06:28 PM 12/19/00 +0000, you wrote:
>Hi there.
>
>I've been trying to write a system to perform authentication using the
www-authenticate (http authenatication) method. However, I need a client
visiting the page and having been authenticated to be able to logout and
have their browser forget the information (or at least be able to force the
browser to re-authenticate within the same browser session).
>
There are two phases of Apache user authorization, namely, authentication
and authorization. I think that you need to set a flag when the user
logs-out to force authorization to reject requests and force a new login
(which would then clear the flag on success). The flag could also be tied
to a timer such that if no request was received after a defined time span,
the flag could be set for that user. This approach would not require a
cookie. I have never done this, but it should work.
