This isn't entirely true. Below:
On Mon, 14 Feb 2000, Ken Williams wrote:
> Date: Mon, 14 Feb 2000 22:02:02 -0600
> From: Ken Williams <ken@forum.swarthmore.edu>
> To: John Walker <john@jsw4.net>
> Cc: "'modperl@apache.org'" <modperl@apache.org>
> Subject: Re: UN-Authenticating users?
>
> john@jsw4.net (John Walker) wrote:
> >I'm writing some stuff with CGI under mod perl. The users have to
> >authenticate prior to even getting to the script... However, some of my
> >users have more than one login with separate privlidges... (provided by
> >the script). I want them to be able to log out and then log back in as
> >someone else, but I can't quite figure out how to "UN-Authenticate".
> >(DE-Authenticate?)
Send the user another request for authentication. The browser
doesn't know whether or not the username is valid or not, so it'll prompt
the user for username and password. I've done this in the past for
administrators who need to log in for users and it worked quite nicely.
> The login credentials are stored in the browser, and browsers don't
> provide any logout mechanism. It's been one of the most glaring
> oversights since version 1 of Netscape, in my opinion.
The main reason for this is because the browser doesn't know when
the credentials are invalid. Send a request for auth and the browser
assumes it's credentials are out of date/bad and it'll prompt the user.
> >I'm using CGI.pm under Apache::Registry, so I don't have a nice $r
> >object to see if I could do something like $c->user = ""; which I'm
> >guessing would barf anyway.
Ugh... CGI.pm? Any chance you could move the use of CGI.pm to
Apache::Request? 1001 times faster and doesn't have the code bloat of the
HTML generation.
--
Sean Chittenden
sean.chittenden@usa.net
On Mon, 14 Feb 2000, Ken Williams wrote:
> Date: Mon, 14 Feb 2000 22:02:02 -0600
> From: Ken Williams <ken@forum.swarthmore.edu>
> To: John Walker <john@jsw4.net>
> Cc: "'modperl@apache.org'" <modperl@apache.org>
> Subject: Re: UN-Authenticating users?
>
> john@jsw4.net (John Walker) wrote:
> >I'm writing some stuff with CGI under mod perl. The users have to
> >authenticate prior to even getting to the script... However, some of my
> >users have more than one login with separate privlidges... (provided by
> >the script). I want them to be able to log out and then log back in as
> >someone else, but I can't quite figure out how to "UN-Authenticate".
> >(DE-Authenticate?)
Send the user another request for authentication. The browser
doesn't know whether or not the username is valid or not, so it'll prompt
the user for username and password. I've done this in the past for
administrators who need to log in for users and it worked quite nicely.
> The login credentials are stored in the browser, and browsers don't
> provide any logout mechanism. It's been one of the most glaring
> oversights since version 1 of Netscape, in my opinion.
The main reason for this is because the browser doesn't know when
the credentials are invalid. Send a request for auth and the browser
assumes it's credentials are out of date/bad and it'll prompt the user.
> >I'm using CGI.pm under Apache::Registry, so I don't have a nice $r
> >object to see if I could do something like $c->user = ""; which I'm
> >guessing would barf anyway.
Ugh... CGI.pm? Any chance you could move the use of CGI.pm to
Apache::Request? 1001 times faster and doesn't have the code bloat of the
HTML generation.
--
Sean Chittenden
sean.chittenden@usa.net