The problem is that with BASIC authentication the *browser* remembers the 
logon information and resends it whenever needed. Hence things like 
invalidating the session will not work, since the browser will simply log 
the user in again without their intervention.

So far as I know, there is no solution to this problem. If you use BASIC 
authentication, the user has to shut down the browser to log off.

If someone knows differently, I too would certainly love to hear the answer.

Nick



At 03:18 PM 6/13/01 -0400, you wrote:
>is it too obvious to say:
>
>send out the pages w/ an expire time....
>set the http session expiration to a desired interval to prevent use after x
>minutes...create a logoff function that invalidates their session...
>
>is that too simplistic?
>
>regards,
>Mike Conway
>
>cybermaster wrote:
>
> > <%
> >         if (session != null) {
> >                 session.invalidate();
> >         }
> >
> > %>
> >
> >         --peter
> >
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED]]On Behalf Of Smith Jason
> > Sent: Wednesday, June 13, 2001 6:38 AM
> > To: Orion-Interest
> > Subject: Force Logon after X minutes
> >
> > I am using custom user-authentication.
> >
> > The user and groups are in a database and I am using BASIC authentication.
> >
> > How can I allow users to logoff w/o them closing their browser?
> >
> > How can I force them to logon again after x minutes?
> >
> > Thxs,
> >
> > Jason
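
The behaviour discussed in this thread, as an added example that is not part of the original messages: a small Python model of a browser that caches BASIC credentials, run against a server with a logoff function and a session idle timeout (the two suggestions quoted above). `Server`, `Browser`, `USERS` and `demo` are hypothetical names, and the account is constructed sample data.

```python
import base64, secrets

USERS = {"jason": "s3cret"}  # constructed sample account, not from the thread

class Server:  # toy container (hypothetical): BASIC auth + session idle timeout
    def __init__(self, timeout):
        self.timeout, self.sessions, self.logins = timeout, {}, 0

    def handle(self, headers, now):
        sid = headers.get("Cookie")
        sess = self.sessions.get(sid)
        if sess and now - sess[1] <= self.timeout:
            self.sessions[sid] = (sess[0], now)   # live session: refresh it
            return 200, sid
        self.sessions.pop(sid, None)              # expired or unknown session
        auth = headers.get("Authorization") or ""
        if auth.startswith("Basic "):
            user, _, pw = base64.b64decode(auth[6:]).decode().partition(":")
            if USERS.get(user) == pw:             # credentials re-verified silently
                sid = secrets.token_hex(8)
                self.sessions[sid] = (user, now)
                self.logins += 1
                return 200, sid
        return 401, None                          # browser must prompt the user

    def logoff(self, sid):
        self.sessions.pop(sid, None)              # effect of session.invalidate()

class Browser:  # models a browser that caches BASIC credentials until closed
    def __init__(self, server):
        self.server, self.cookie, self.cached_auth, self.prompts = server, None, None, 0

    def get(self, now):
        headers = {"Cookie": self.cookie, "Authorization": self.cached_auth}
        status, sid = self.server.handle(headers, now)
        if status == 401:                         # user sees the dialog and types
            self.prompts += 1
            self.cached_auth = "Basic " + base64.b64encode(b"jason:s3cret").decode()
            status, sid = self.server.handle({"Authorization": self.cached_auth}, now)
        self.cookie = sid
        return status

def demo():
    b = Browser(Server(timeout=600))
    b.get(now=0)                                  # first visit: one password prompt
    first = b.cookie
    b.server.logoff(b.cookie)                     # explicit logoff
    after_logoff, after_timeout = b.get(now=10), b.get(now=10_000)
    # prompts, credential checks, status after logoff, status after timeout, new session?
    return b.prompts, b.server.logins, after_logoff, after_timeout, first != b.cookie
    # -> (1, 3, 200, 200, True)
```

The user is prompted once, yet the server verifies credentials three times: both the logoff and the idle timeout only replace the session, because the cached `Authorization` header arrives with the very next request.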

