At 10:11 AM 03/03/01 -0500, Pierre Phaneuf wrote:
>The problem here is that the first basic authentication is not any
>different from the next ones, so if he marks the user as logged out,
>going to a page requiring authentication will simply mark the user as
>logged in.

That's what I was assuming.

>Basic authentication is annoying. They forgot to put a way to revoke the
>thing when they designed it. Eh, that's life...

That's the real point.  Sometimes you have to weigh the use of an always-on
feature like basic authentication vs. maybe-on cookies.  

If you really must use basic authentication then besides the AUTH_REQUIRED
trick, sometimes you can get clients to forget by sending them to a new URL
with an embedded username and password that logs into the same AuthName but
with a different username/password combination.  But, you CAN'T count on
anything working unless you know all your clients -- if even then.

If your problem is that some clients don't use cookies, then perhaps
Apache::AuthCookieURL might help.




Bill Moseley
mailto:[EMAIL PROTECTED]
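
An added example, not part of the original message and not mod_perl code: a minimal Python WSGI app showing what answering a logout URL with 401 (the AUTH_REQUIRED response) does and does not do. The account, realm name, paths and the status_for helper are constructed for illustration.

```python
import base64
import hmac

USERS = {"alice": "s3cret"}   # constructed sample account
REALM = "demo"                # stands in for Apache's AuthName

def parse_basic(header):
    """Return (user, password) from an Authorization header, or None."""
    scheme, _, blob = (header or "").partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(blob, validate=True).decode("utf-8")
    except ValueError:          # bad base64 or bad UTF-8
        return None
    user, sep, password = decoded.partition(":")
    return (user, password) if sep else None

def app(environ, start_response):
    """WSGI app: every path needs Basic auth; /logout always answers 401."""
    creds = parse_basic(environ.get("HTTP_AUTHORIZATION"))
    expected = USERS.get(creds[0]) if creds else None
    valid = expected is not None and hmac.compare_digest(
        expected.encode(), creds[1].encode())
    if not valid or environ.get("PATH_INFO") == "/logout":
        # The 401 only asks the client to re-prompt or drop its cached
        # credentials; nothing is revoked on the server side.
        start_response("401 Unauthorized", [
            ("WWW-Authenticate", 'Basic realm="%s"' % REALM),
            ("Content-Type", "text/plain")])
        return [b"authentication required\n"]
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [("hello %s\n" % creds[0]).encode()]

def status_for(path, user=None, password=None):
    """Drive app() in-process and return the numeric status code."""
    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": path}
    if user is not None:
        token = base64.b64encode(("%s:%s" % (user, password)).encode())
        environ["HTTP_AUTHORIZATION"] = "Basic " + token.decode()
    seen = []
    app(environ, lambda status, headers: seen.append(status))
    return int(seen[0].split()[0])

if __name__ == "__main__":
    print(status_for("/private", "alice", "s3cret"))  # logged in
    print(status_for("/logout", "alice", "s3cret"))   # forced challenge
    print(status_for("/private", "alice", "s3cret"))  # replayed header accepted
```

The third call is the limitation discussed in the thread: a client that keeps replaying the same Authorization header is indistinguishable from a fresh login.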
