On Sat, 3 Mar 2001, Kiran Kumar.M wrote:

> Hi, I'm using a mod_perl authentication handler, where the user's
> credentials are checked against a database, and in the database I have
> a flag which tells the login status (y|n). After the user logs out
> the status is changed to n. My problem is that after logging out, if
> the user goes one page back and submits, the browser sends the username
> and password again, and the status is changed to y. Is there any
> means of removing the username and password from the browser's cache?
>

I'm assuming you are using Basic Authentication here...

I haven't used Basic Authentication in a couple years now, but I seem to
remember that you can specify a 'Realm' in which the username and password
are valid.  If you change this realm when the user logs out, then they will
be prompted for their username and password again.

So instead of storing a y/n in the database, store a unique string that is
used as the realm, and clear it when they log out.  Now every time you send
the Authentication required header, send the unique realm for this user
that you stored in the database, and if it doesn't exist, generate a new
one.

-- 
Cees
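
A model of the per-user realm scheme described in the reply above, added here as an example and not code from the thread. It is plain Python rather than a mod_perl handler; the `login` fallback realm, the in-memory `USERS` and `REALMS` tables and every function name are assumptions.

```python
import base64
import secrets

USERS = {"kiran": "s3cret"}  # constructed sample credentials (stand-in for the database)
REALMS = {}                  # user -> realm string; no entry means logged out

def basic_header(user, password):
    """Build the Authorization header a browser would send."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()

def parse_basic(header):
    """Return (user, password) from an Authorization header, or None."""
    try:
        scheme, blob = header.split(None, 1)
        if scheme.lower() != "basic":
            return None
        user, _, password = base64.b64decode(blob).decode("utf-8").partition(":")
        return user, password
    except (AttributeError, ValueError):  # missing, malformed or undecodable header
        return None

def challenge(realm):
    return 401, {"WWW-Authenticate": f'Basic realm="{realm}"'}

def handle(authorization=None):
    """Decide the response status and headers for one request."""
    creds = parse_basic(authorization)
    if creds is None:
        return challenge("login")  # user not known yet, so use a generic realm
    user, password = creds
    expected = USERS.get(user)
    if expected is None or not secrets.compare_digest(password.encode(), expected.encode()):
        return challenge("login")
    if user not in REALMS:
        # Logged out or first visit: these credentials may be a replay from
        # the browser's cache, so answer with a new realm instead of
        # accepting them. The browser has nothing cached for that realm
        # and prompts the user again.
        REALMS[user] = secrets.token_hex(8)
        return challenge(REALMS[user])
    return 200, {}

def logout(user):
    REALMS.pop(user, None)  # clearing the realm forces a new one on the next request
```

The Authorization header does not name the realm it was entered for, so the server cannot tell freshly typed credentials from repeated ones; the scheme relies on the browser discarding cached credentials when the realm changes.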
