stopping concurrent logins
i'm sure this is not a novel need, but i have failed to find or come up with any (non-cookie) solution just yet. i'm trying dearly to avoid cookies, but if that's the best or only way to do this, feel free to speak up. i'd love to hear from someone who has already tackled the problem of stopping concurrent web logins to a protected web space. realizing that ultimately people can share their username/password to a for-fee protected web site, we would at *least* like to avoid the possibility that two people could both be logged in at the same time from two different computers. the use of IP address doesn't seem adequate since many users come through a router/proxy running NAT. any pointers?
Re: AuthDBI logoff
if there was a means by which i could strip out the Authorization header in the client request, this would force a 401 response from the server which would also satisfy my specific need. is there a means by which i can manipulate an incoming request header from the client?

On Sat, 29 Mar 2003, Thomas Klausner wrote:
> Hi!
>
> On Fri, Mar 28, 2003 at 02:27:29PM -0500, Todd White wrote:
> > i'm seeking a means by which i can allow my web users to "logoff" after
> > authenticating for access to restricted web space. i realize that users
> > can just close their browser, but i'm seeking a solution that allows the
> > browser to remain open. essentially, i want a button that a user can
> > click that causes the web browser to drop the credentials for the realm.
>
> AFAIK, something like "logoff" is impossible with BASIC Auth (which AuthDBI
> uses).
>
> Take a look at Apache::AuthCookie, which implements its own Authentication
> scheme and allows "logoff".
>
> Or take a look at Recipe 13.7 in the mod_perl Developers Cookbook.
>
> --
> #!/usr/bin/perl                                http://domm.zsi.at
> for(ref bless{},just'another'perl'hacker){s-:+-$"-g&&print$_.$/}
>
AuthDBI logoff
i'm seeking a means by which i can allow my web users to "logoff" after authenticating for access to restricted web space. i realize that users can just close their browser, but i'm seeking a solution that allows the browser to remain open. essentially, i want a button that a user can click that causes the web browser to drop the credentials for the realm. i'm considering writing an Apache handler and returning an Apache::Constants constant. but i'm wondering if anyone would have other suggestions. btw, Apache 1.3 / mod_perl 1
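Added example, not part of either thread and not code from any poster, from AuthDBI or from Apache::AuthCookie: one way to cover both the concurrent-login question and the logoff question is a server-side record of the single live session per account. The names (login, check, logoff, %current), the 900-second idle limit, the last-login-wins policy and carrying the token outside a cookie (for example in the URL) are assumptions.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# username => { token, seen }. In-memory here; a shared DB table in practice.
my %current;
my $IDLE_LIMIT = 900;    # assumed idle timeout, seconds

# 128-bit token from the kernel CSPRNG, hex encoded.
sub new_token {
    open my $fh, '<:raw', '/dev/urandom' or die "urandom: $!";
    read($fh, my $buf, 16) == 16 or die "short read from urandom";
    close $fh;
    return unpack 'H*', $buf;
}

# Call once the password check has passed. Overwriting the row ends any
# session the account already has elsewhere (assumed policy: last login wins).
sub login {
    my ($user, $now) = @_;
    my $token = new_token();
    $current{$user} = { token => $token, seen => $now };
    return $token;
}

# Call on every request; 1 only for the account's single live session.
sub check {
    my ($user, $token, $now) = @_;
    my $s = $current{$user} or return 0;
    return 0 unless defined $token && $token eq $s->{token};
    if ($now - $s->{seen} > $IDLE_LIMIT) { delete $current{$user}; return 0 }
    $s->{seen} = $now;
    return 1;
}

# The "logoff" button: with the row gone, the old token stops working.
sub logoff { my ($user) = @_; delete $current{$user}; return }

# Constructed walk-through: two PCs behind one NAT address share an account.
my $t   = time;
my $pc1 = login('alice', $t);
printf "pc1 right after login:  %d\n", check('alice', $pc1, $t + 10);
my $pc2 = login('alice', $t + 20);
printf "pc1 after pc2 logs in:  %d\n", check('alice', $pc1, $t + 30);
printf "pc2:                    %d\n", check('alice', $pc2, $t + 30);
logoff('alice');
printf "pc2 after logoff:       %d\n", check('alice', $pc2, $t + 40);
```

Because the record is keyed by account and token, not by client address, two users behind the same NAT router are still told apart.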