IMHO The JBOSS application should probably be handling the logins, if this application is very sophisticated. How are you handling sessions?

On Fri, 2008-12-19 at 13:06 +0000, Tom Evans wrote:
> On Fri, 2008-12-19 at 12:14 +0000, Kirk, Laurence wrote:
> > I have apache acting as a proxy and providing authentication to a
> > JBoss application server. I time out sessions in JBoss but I think
> > the browser is storing the login details as the user can carry on
> > without having to log in again.
> >
> > Is there a way to force the browser to delete login details, or for
> > apache to force reauthentication when there is a new session?
> >
> > Has anyone else come across this situation?
> >
> > Thanks,
> > Laurence
> >
> > This e-mail is confidential and is for the addressee only. Please
> > refer to www.jpmorgancazenove.com/disclaimers/jpmorgancazenove.htm for
> > important disclaimers and the firm's regulatory position.
>
> If you mean "is there a way to clear basic auth settings from the
> browser", then yes, you can send a 403 response. Once a browser receives
> a 403, it forgets any authorization it knew from the same realm, and
> prompts the user for new credentials. If it receives a 2XX or 3XX in
> response, the browser then remembers those credentials and sends them
> along with all other requests to the same server, until it receives a
> 403 response.
>
> If you mean "can I make the browser forget 'remembered passwords'", then
> no, you can't do anything about that. You could be logging them out, they
> try to access something, apache prompts for basic auth, and the user's
> browser just resupplies the saved information. That is perfectly valid,
> and beyond your control.
>
> Cheers
>
> Tom
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
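
An added sketch (not from the thread, and not Apache or JBoss code) of forcing a fresh Basic-auth prompt once a server-side session has idled out. It answers the first request after the timeout with a 401 challenge, the status HTTP defines for requesting credentials; the realm, timeout, user table and class name are assumptions.

```python
import base64
import hmac
import time

REALM = "app"                     # assumed realm name
IDLE_LIMIT = 900                  # assumed idle timeout in seconds
USERS = {"laurence": "s3cret"}    # constructed sample credentials


class BasicAuthGate:
    """Per-request decision: pass the request on (200) or challenge (401)."""

    def __init__(self, now=time.time):
        self.now = now
        self.last_seen = {}       # user -> time of last accepted request

    def _user_from(self, header):
        # Return the user name if the Authorization header carries valid
        # Basic credentials, otherwise None.
        if not header or not header.startswith("Basic "):
            return None
        try:
            raw = base64.b64decode(header[6:], validate=True).decode()
        except ValueError:        # bad base64 or bad UTF-8
            return None
        user, _, password = raw.partition(":")
        expected = USERS.get(user)
        if expected is None:
            return None
        ok = hmac.compare_digest(expected.encode(), password.encode())
        return user if ok else None

    def handle(self, auth_header):
        challenge = (401, {"WWW-Authenticate": f'Basic realm="{REALM}"'})
        user = self._user_from(auth_header)
        if user is None:
            return challenge
        t = self.now()
        last = self.last_seen.get(user)
        if last is not None and t - last > IDLE_LIMIT:
            # Session idled out: refuse the cached credentials once so the
            # browser prompts again; the next valid login starts a new session.
            del self.last_seen[user]
            return challenge
        self.last_seen[user] = t
        return (200, {})
```

A password saved in the browser's password manager can still be resubmitted at the new prompt, as the second half of the quoted reply points out.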