Returning a 401 HTTP response to the user should be sufficient to force
current IE and Netscape browsers to re-request user credentials. However I
have noticed that many versions (including IE5.5) will cache the password
thus allowing the user to simply hit enter to re-authenticate.
It is imposs
One can use in a servlet, or a JSP:
if ( session.getAttribute("logged_out") != null ){
response.sendError(response.SC_UNAUTHORIZED, "Logout...");
return;
}
Whenever you want your user logged out: set a session attribute called
"logged_out".
On the main page do not chec
Title: RE: Force Logon after X minutes
The browser remembers the Authorization header for that realm. There are couple of ways you can force browser to relogin.
Option 1)In your code have a kind of check for time interval after time interval if you get a request send the 401 response.
I
Hello Smith,
Create a class that implements HttpSessionBindingListener.
In the valueUnbound(HttpSessionBindingEvent event) put whatever code
you need to logout .
When you create the session, store an object of that class, so when
the session expires the user logout.
--
Best regards,
Rafael
The problem is that with BASIC authentication the *browser* remembers the
logon information and resends it whenever needed. Hence things like
invalidating the session will not work, since the browser will simply log
the user in again without their intervention.
So far as I know, there is no so
is it too obvious to say:
send out the pages w/ an expire time
set the http session expiration to a desired interval to prevent use after x
minutes...create a logoff function that invalidates their session...
is that too simplistic?
regards,
Mike Conway
cybermaster wrote:
> <%
> i
<%
if (session != null) {
session.invalidate();
}
%>
--peter
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Smith Jason
Sent: Wednesday, June 13, 2001 6:38 AM
To: Orion-Interest
Subject: Force Logon after X minut