At 10:11 AM 03/03/01 -0500, Pierre Phaneuf wrote:
>The problem here is that the first basic authentication is not any
>different from the next ones, so if he marks the user as logged out,
>going to an page requiring authentication will simply mark the user as
>logged in.
That's what I was assuming.
>Basic authentication is annoying. They forgot to put a way to revoke the
>thing when they designed it. Eh, that's life...
That's the real point. Sometimes you have to weigh the use of a always-on
feature like basic authentication vs. maybe-on cookies.
If you really must use basic authentication then besides the AUTH_REQUIRED
trick, sometimes you can get clients to forget by sending them to a new URL
with an embedded username and password that logs into the same AuthName but
with a different username/password combination. But, you CAN'T count on
anything working unless you know all your clients -- if even then.
If your problem is that some clients don't use cookies, then perhaps
Apache::AuthCookieURL might help.
Bill Moseley
mailto:[EMAIL PROTECTED]
