Christopher Schultz wrote:
Also, you could set the error page that is used when a user doesn't
have
the proper credentials to something that gives you the opportunity to
re-login in order to access the forbidden resource. When you want to
log
someone out of BASIC authentication, you have to
this is correct
The authenticate header must identify at least one Authentication challenge
(Basic,Digest,SPAP,MSCHAP whatever)
with regards to Basic Authentication
To receive authorization, the client sends the userid and password, separated
by a single colon (:) character, within a base64
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Mitch,
Fisher, Mitchell L wrote:
Christopher Schultz wrote:
When you want to log someone out of BASIC authentication, you
have to send a blank WWW-Authenticate header to the client,
just the same way that Tomcat would do if you weren't already
Christopher Schultz wrote:
Also, you could set the error page that is used when a user doesn't have
the proper credentials to something that gives you the opportunity to
re-login in order to access the forbidden resource. When you want to log
someone out of BASIC authentication, you have to
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
John,
John Caron wrote:
Christopher Schultz wrote:
Also, you could set the error page that is used when a user doesn't have
the proper credentials to something that gives you the opportunity to
re-login in order to access the forbidden resource.