Hosting Provided By

Re: HTTP authentication and session timeout

From: Craig Skelton <craig(at)craigskelton.com>
Date: Mon Nov 25 2002 - 10:28:05 EST

The auth string is initially sent to the browser from the server as a base64 encoded pair. From the server side, you can override the current auth string by simply sending a new one. Send a blank string or a string with invalid data, and you have effectively logged out the user...

One has to point out that this inherently means the connection must be statefull in some way, since you must know when and who to timeout.Therefore, I wonder why you would really want to stick with basic http auth? Received on Mon Nov 25 14:38:53 2002

This message: [ Message body ]
Next message: zeno: "Re: Hijacking URL Encoded Session IDs using Referer Logs"
Previous message: ONEILL David J: "Re: Hijacking URL Encoded Session IDs using Referer Logs"
In reply to: Dawes, Rogan (ZA - Johannesburg): "RE: HTTP authentication and session timeout"
Next in thread: Jason Coombs: "RE: HTTP authentication and session timeout"
Reply: Jason Coombs: "RE: HTTP authentication and session timeout"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:07:44 EDT