At 04:11 PM 3/5/01 +1300, Simon Garner wrote:
>From: "Ken" <[EMAIL PROTECTED]>
> > Why it's bad is that, if the user clicks "cancel", they are not logged
>out. They have to manually clear the field, THEN OK, then they get prompted
>AGAIN, THEN they hit cancel. That's nuts, and my users aren't going to
>understand that.
> >
>
>Why do they need to be able to log out?
Because they are on a shared computer.
>If the user doesn't want their password saved (e.g. they're on a public PC)
>then they just uncheck the "Save password" box when logging in, and then
>they can close the browser and be "logged out".
>
>If they want their password saved then they can check the "Save password"
>box and not worry.
Nope - with IE5.5, even with that box NOT checked, the user remains logged in until
either a) the computer is restarted, or b) a new user-authentication header is sent,
AND the user clears out the password field and hits OK. Otherwise the user stays
logged in, in spite of the HTTP spec.
>It sounds to me like you're trying to implement something that no users are
>actually going to need or want...
Nope, I'm working with a real client, who has multiple users on the same machine, and
IE5.5 is installed on it, and, lo and behold, though the rest of the browsers work
fine, IE5.5 has this awful bug.
>However, if you want more control over the authentication process I suggest
>making your own login form and using cookies, instead of HTTP
>authentication. Then you can log users out just by unsetting the cookie(s).
This is how I will wind up going, EXCEPT the users will be required to click "logout",
since merely closing the browser, in IE5.5, does not seem to clear the user/password
from the browser's memory, NOR does it clear any session cookie. Again, works fine in
other browsers, per spec.
Thanks,
Ken
>Cheers
>
>Simon Garner
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
