Thor HW wrote:
> Craig:
> Yes, that will invalidate the session, but the web browser will provide the
> un/pw to the next call from the same domain, which then wont ask the user to
> log in again. It doesn't provide a forced log in the second time around. I
> haven't found a nice way around this, other than to set another cookie
> marking the browser as a dead session.
>
I haven't ever played with Basic authentication and servlets together, but
can't you do something like send an SC_UNAUTHORIZED response whenever you
discover that there is no current session? This would also cover the case
where it really is the same user, but they let their session time out.
>
> Thor HW
Craig
>
> ----- Original Message -----
> From: Craig R. McClanahan <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Thursday, December 02, 1999 10:07 AM
> Subject: Re: Forced Log on
>
> > Antonio Villafana wrote:
> >
> > > Hi everyone,Here is my question........ How can I force a log-on
> > > using HTTP authentication in my servlet. Currently, if a user logs off
> > > and tries to log on immediately after, he/she is not presented with
> > > the authentication dialog. I am using
> > > the<resp.setStatus(HttpServletResponse.SC_UNAUTHORIZED) to capture
> > > usernname and password if initial try is invalid. Also, shouldn't
> > > <session.invalidate> destroy that session immediately?I'm using
> > > ServletExec.......with Apache. Code Snippet for session
> > > invalidation: HttpSession session = req.getSession(true);
> > > if (session != null) {
> > > HttpSessionContext context = session.getSessionContext();
> > > HttpSession curSession = context.getSession("Login.User");
> > > if (curSession != null) curSession.invalidate();
> > > } Any Suggestions.....Antonio
> >
> > One thing to note is that HttpSessionContext was deprecated in version
> > 2.1 of the API, and you won't be able to use it. If all you want to do
> > is invalidate the current session, just do this:
> >
> > HttpSession session = req.getSession(false);
> > if (session != null)
> > session.invalidate();
> >
> > Craig McClanahan
> >
> >
> ___________________________________________________________________________
> > To unsubscribe, send email to [EMAIL PROTECTED] and include in the
> body
> > of the message "signoff SERVLET-INTEREST".
> >
> > Archives: http://archives.java.sun.com/archives/servlet-interest.html
> > Resources: http://java.sun.com/products/servlet/external-resources.html
> > LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
> >
>
> ___________________________________________________________________________
> To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
> of the message "signoff SERVLET-INTEREST".
>
> Archives: http://archives.java.sun.com/archives/servlet-interest.html
> Resources: http://java.sun.com/products/servlet/external-resources.html
> LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
