Craig:
I have tried that exact approach.............didn't work!:-(
You have to request the Authorization header first.....and with this action
the browser checks its un/pw for the session, and if this a valid session,
the user is automatically allowed to log on.
Antonio
----- Original Message -----
From: Craig R. McClanahan <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, December 03, 1999 1:05 AM
Subject: Re: Forced Log on
> Thor HW wrote:
>
> > Craig:
> > Yes, that will invalidate the session, but the web browser will provide
the
> > un/pw to the next call from the same domain, which then wont ask the
user to
> > log in again. It doesn't provide a forced log in the second time
around. I
> > haven't found a nice way around this, other than to set another cookie
> > marking the browser as a dead session.
> >
>
> I haven't ever played with Basic authentication and servlets together, but
> can't you do something like send an SC_UNAUTHORIZED response whenever you
> discover that there is no current session? This would also cover the case
> where it really is the same user, but they let their session time out.
>
>
> >
> > Thor HW
>
> Craig
>
>
> >
> > ----- Original Message -----
> > From: Craig R. McClanahan <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> > Sent: Thursday, December 02, 1999 10:07 AM
> > Subject: Re: Forced Log on
> >
> > > Antonio Villafana wrote:
> > >
> > > > Hi everyone,Here is my question........ How can I force a log-on
> > > > using HTTP authentication in my servlet. Currently, if a user logs
off
> > > > and tries to log on immediately after, he/she is not presented with
> > > > the authentication dialog. I am using
> > > > the<resp.setStatus(HttpServletResponse.SC_UNAUTHORIZED) to capture
> > > > usernname and password if initial try is invalid. Also, shouldn't
> > > > <session.invalidate> destroy that session immediately?I'm using
> > > > ServletExec.......with Apache. Code Snippet for session
> > > > invalidation: HttpSession session = req.getSession(true);
> > > > if (session != null) {
> > > > HttpSessionContext context = session.getSessionContext();
> > > > HttpSession curSession = context.getSession("Login.User");
> > > > if (curSession != null) curSession.invalidate();
> > > > } Any Suggestions.....Antonio
> > >
> > > One thing to note is that HttpSessionContext was deprecated in version
> > > 2.1 of the API, and you won't be able to use it. If all you want to
do
> > > is invalidate the current session, just do this:
> > >
> > > HttpSession session = req.getSession(false);
> > > if (session != null)
> > > session.invalidate();
> > >
> > > Craig McClanahan
> > >
> > >
> >
___________________________________________________________________________
> > > To unsubscribe, send email to [EMAIL PROTECTED] and include in the
> > body
> > > of the message "signoff SERVLET-INTEREST".
> > >
> > > Archives: http://archives.java.sun.com/archives/servlet-interest.html
> > > Resources:
http://java.sun.com/products/servlet/external-resources.html
> > > LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
> > >
> >
> >
___________________________________________________________________________
> > To unsubscribe, send email to [EMAIL PROTECTED] and include in the
body
> > of the message "signoff SERVLET-INTEREST".
> >
> > Archives: http://archives.java.sun.com/archives/servlet-interest.html
> > Resources: http://java.sun.com/products/servlet/external-resources.html
> > LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
>
>
___________________________________________________________________________
> To unsubscribe, send email to [EMAIL PROTECTED] and include in the
body
> of the message "signoff SERVLET-INTEREST".
>
> Archives: http://archives.java.sun.com/archives/servlet-interest.html
> Resources: http://java.sun.com/products/servlet/external-resources.html
> LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
