Re: Browser refresh sends username/password after log out -- URGENT

> More clearly the issue here is also that:

Hi Krk, could you please clarify which type of authentication you are using to make sure we're not missing something obvious.

Are you using form-based authentication or HTTP authentication? Form-based authentication is when you have a login page for your application containing a FORM with INPUT tags for the username and password. HTTP authentication typically protects an entire directory and the user's web browser will pop-up a login message box where they enter their username and password.

Most of the responses to your question have assumed that you are using form-based authentication, because your initial e-mail stated that as the problem occurred you received the message "Press retry to send it again," assuming this was happening when you were trying to resend the first login page, not the 7th page. But if you get this message on the 7th page, then perhaps you aren't using form-based authentication to begin with.

If you use form-based authentication, then I would say what's been said so far is pretty accurate. If you use HTTP authentication, that changes things. That would explain why you see your username and password get sent again when refreshing the logout page... or any of the application pages for that matter, since basic HTTP authentication will typically resend your username and password with each request.

Regards,
-Jim Received on Wed Aug 6 12:59:22 2003