jaweed ali wrote:
Thanks for replyYes i am using the "AuthType Basic" Apache directive with in <Locatgion /directory> tage And i am niether setting cookie not using javascripting for user id and password. In Basic Authentication When a request is made to a URI, the web server returns a HTTP 401 unauthorized status code to the client: HTTP/1.1 401 Authorization Required This tells the client to supply a username and password. Included in the 401 status code is the authentication header. The client requests the username and password from the user, typically in a dialog box. The client browser concatenates the username and password using a ":" separator and base 64 encodes the string. A second request is then made for the same resource including the encoded username password string in the authorization headers. I hope this wil give you an idea what i am trying to do Right now the problem is that i could not find any mechanism available to the server to cause the browser to 'logout'; that is, to discard its stored credentials for the user. Thanks
If you are using AuthType Basic, then that is one of the limitations. There is no mechanism to tell the browser to "logout". The browser is simply sending the authentication information via the headers when making the HTTP request. When you close all of the browser windows, it will forget the authentication information and "logout". Some browsers, like Firefox, have plug-ins that allow you to clear the HTTP authentication information, but you cannot do it from the server side.
Justin Pasher --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx