Fran: 1) agreed. If a custom login page is needed, one has to look for other solutions such as cookie access control.
2) that depends. First, for some reasons, Internet is designed without "Logout". Many seldom logout from those services such as Yahoo mail, and me too. For the specific question you posted (one login only for an account), while it can be in principle designed and implemented, in practice, it may not work that smoothly, because many users still don't run "Logout". Trust me :-). So BA or cookie doesn't matter. Second, you can make a link to close the window using javascript, just like a "Logout" button. 3) will be very interesting to hear about your successful implementation! (BTW, if only the "existence" status of an account is needed to double check, please consider a lock file (e.g. -e) under Apache::File that may be much faster than to call SessionDBI) Peter ----- Original Message ----- From: "Fran Fabrizio" <[EMAIL PROTECTED]> To: "Peter Bi" <[EMAIL PROTECTED]> Cc: "Jeff" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Tuesday, April 16, 2002 6:33 AM Subject: Re: Enforcing user logged in from only 1 browser? > Peter Bi wrote: > > If you touch SessionDBI for every request, why don't go directly to the > > Basic Authentication ? > > 1. You can't use a custom log in page > 2. You can't log out unless you close your browser > 3. It's for use by our employees only. They are told to enable cookies. =) > > -Fran > > > >