RE: how to tell Tomcat to send a blank WWW-Authenticate header?

Christopher Schultz wrote: Also, you could set the error page that is used when a user doesn't have the proper credentials to something that gives you the opportunity to re-login in order to access the forbidden resource. When you want to log someone out of BASIC authentication, you have to

Re: how to tell Tomcat to send a blank WWW-Authenticate header?

this is correct The authenticate header must identify at least one Authentication challenge (Basic,Digest,SPAP,MSCHAP whatever) with regards to Basic Authentication To receive authorization, the client sends the userid and password, separated by a single colon (:) character, within a base64

Re: how to tell Tomcat to send a blank WWW-Authenticate header?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Mitch, Fisher, Mitchell L wrote: Christopher Schultz wrote: When you want to log someone out of BASIC authentication, you have to send a blank WWW-Authenticate header to the client, just the same way that Tomcat would do if you weren't already

how to tell Tomcat to send a blank WWW-Authenticate header?

Christopher Schultz wrote: Also, you could set the error page that is used when a user doesn't have the proper credentials to something that gives you the opportunity to re-login in order to access the forbidden resource. When you want to log someone out of BASIC authentication, you have to

Re: how to tell Tomcat to send a blank WWW-Authenticate header?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 John, John Caron wrote: Christopher Schultz wrote: Also, you could set the error page that is used when a user doesn't have the proper credentials to something that gives you the opportunity to re-login in order to access the forbidden resource.