Michael Ströder a écrit :
Beth E. Okun wrote:
We're running Apache with ssl enabled..........We're using Basic
authentication, and if the user browses away from our site and then
comes back, they are not forced to log on again.......it appears that
these settings are being stored somewhere, or that the connection is
not being closed..........
How about to read about how Basic Authentication works? Or maybe watch
the traffic with http://livehttpheaders.mozdev.org? Basically the
browser caches username/password once entered for a HTTP authc realm
and sends it in the header of every HTTP request. That's the problem
with HTTP basic authc.
This Apache related, not modssl related.
Whereas, there are technical ways to reproduce an end of session, using
secondary session_id, just like phpmyadmin.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager [EMAIL PROTECTED]