Re: Session Timeout for Apache?
At 01:59 PM 7/21/03, Mike McMullen wrote: Does anyone know of a utility or code that will time-out a web session with Apache? in httpd.conf (default is 5 minutes): # # Timeout: The number of seconds before receives and sends time out. # Timeout 300 -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: Session Timeout for Apache?
Subject: Re: Session Timeout for Apache? At 01:59 PM 7/21/03, Mike McMullen wrote: Does anyone know of a utility or code that will time-out a web session with Apache? in httpd.conf (default is 5 minutes): # # Timeout: The number of seconds before receives and sends time out. # Timeout 300 Please forgive my ignorance on this but looking at the documentation now for timeout I'm not certain this addresses what I want to do. I have users who access their information via certain CGI in their public_html/bin directories of the home directories. When they access their CGI and files they are prompted for their username and password via the pop-up window. What I would like to have happen is after say 30 minutes of inactivity, if someone tries to click a button or run a CGI, they get prompted with the pop-up login window of Apaches. Does Timeout address that? Sorry if this is intuitively obvious, Mike -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: Session Timeout for Apache?
Mike McMullen wrote: Subject: Re: Session Timeout for Apache? At 01:59 PM 7/21/03, Mike McMullen wrote: Does anyone know of a utility or code that will time-out a web session with Apache? in httpd.conf (default is 5 minutes): # # Timeout: The number of seconds before receives and sends time out. # Timeout 300 Please forgive my ignorance on this but looking at the documentation now for timeout I'm not certain this addresses what I want to do. I have users who access their information via certain CGI in their public_html/bin directories of the home directories. When they access their CGI and files they are prompted for their username and password via the pop-up window. What I would like to have happen is after say 30 minutes of inactivity, if someone tries to click a button or run a CGI, they get prompted with the pop-up login window of Apaches. Does Timeout address that? Sorry if this is intuitively obvious, Mike Using .htaccess to protect the directory? http://httpd.apache.org/docs/howto/auth.html#basicfaq How do I log out? Since browsers first started implementing basic authentication, website administrators have wanted to know how to let the user log out. Since the browser caches the username and password with the authentication realm, as described earlier in this tutorial, this is not a function of the server configuration, but is a question of getting the browser to forget the credential information, so that the next time the resource is requested, the username and password must be supplied again. There are numerous situations in which this is desirable, such as when using a browser in a public location, and not wishing to leave the browser logged in, so that the next person can get into your bank account. However, although this is perhaps the most frequently asked question about basic authentication, thus far none of the major browser manufacturers have seen this as being a desirable feature to put into their products. Consequently, the answer to this question is, you can't. Sorry. -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: Session Timeout for Apache?
John, yes they use .htaccess. This confirms what I was coming to realize. Thanks, Mike - Original Message - From: John Nichel [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, July 21, 2003 11:42 AM Subject: Re: Session Timeout for Apache? Mike McMullen wrote: Subject: Re: Session Timeout for Apache? At 01:59 PM 7/21/03, Mike McMullen wrote: Does anyone know of a utility or code that will time-out a web session with Apache? in httpd.conf (default is 5 minutes): # # Timeout: The number of seconds before receives and sends time out. # Timeout 300 Please forgive my ignorance on this but looking at the documentation now for timeout I'm not certain this addresses what I want to do. I have users who access their information via certain CGI in their public_html/bin directories of the home directories. When they access their CGI and files they are prompted for their username and password via the pop-up window. What I would like to have happen is after say 30 minutes of inactivity, if someone tries to click a button or run a CGI, they get prompted with the pop-up login window of Apaches. Does Timeout address that? Sorry if this is intuitively obvious, Mike Using .htaccess to protect the directory? http://httpd.apache.org/docs/howto/auth.html#basicfaq How do I log out? Since browsers first started implementing basic authentication, website administrators have wanted to know how to let the user log out. Since the browser caches the username and password with the authentication realm, as described earlier in this tutorial, this is not a function of the server configuration, but is a question of getting the browser to forget the credential information, so that the next time the resource is requested, the username and password must be supplied again. There are numerous situations in which this is desirable, such as when using a browser in a public location, and not wishing to leave the browser logged in, so that the next person can get into your bank account. However, although this is perhaps the most frequently asked question about basic authentication, thus far none of the major browser manufacturers have seen this as being a desirable feature to put into their products. Consequently, the answer to this question is, you can't. Sorry. -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: Session Timeout for Apache?
On Mon, 2003-07-21 at 14:42, John Nichel wrote: Since the browser caches the username and password with the authentication realm, as described earlier in this tutorial, this is not a function of the server configuration, but is a question of getting the browser to forget the credential information, so that the next time the resource is requested, the username and password must be supplied again. There are numerous situations in which this is desirable, such as when using a browser in a public location, and not wishing to leave the browser logged in, so that the next person can get into your bank account. I do this all the time (as do a lot of web based services) by authenticating using PHP scripts. You can have sessions in PHP that time out after a period of inactivity and if someone else tries to use the page they will have to re-enter the username and password. You can allow access to other resources only through the script, though that may not be possible with some services. -- What The...? http://www.what-the.com -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: Session Timeout for Apache?
At 03:20 PM 7/21/03, Lee Flier wrote: On Mon, 2003-07-21 at 14:42, John Nichel wrote: Since the browser caches the username and password with the authentication realm, as described earlier in this tutorial, this is not a function of the server configuration, but is a question of getting the browser to forget the credential information, so that the next time the resource is requested, the username and password must be supplied again. There are numerous situations in which this is desirable, such as when using a browser in a public location, and not wishing to leave the browser logged in, so that the next person can get into your bank account. I do this all the time (as do a lot of web based services) by authenticating using PHP scripts. You can have sessions in PHP that time out after a period of inactivity and if someone else tries to use the page they will have to re-enter the username and password. You can allow access to other resources only through the script, though that may not be possible with some services. I've done this also. In this case, I also include META refresh tags on all pages to refresh the client page, but the refresh actually presents a you have been logged out page, just the same as if the user had clicked the logout option of my menu system. Frank -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list