Re: Clearing login details from browser

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



IMHO The JBOSS application should probably be handling the logins, if
this application is very sophisticated. 
How are you handling sessions?

On Fri, 2008-12-19 at 13:06 +0000, Tom Evans wrote:
> On Fri, 2008-12-19 at 12:14 +0000, Kirk, Laurence wrote:
> > I have  apache  acting as a proxy and providing authentication to a
> > JBoss application server . I time out sessions in JBoss  but I think
> > the browser is storing the login details as the user can carry on
> > without having to log in again. 
> > 
> > Is there a way to force the browser to delete login details , or for
> > apache to force reauthentication when there is a new session ?
> > 
> > Has anyone else come across this situation ?
> > 
> > Thanks, 
> > Laurence
> > 
> > This e-mail is confidential and is for the addressee only. Please
> > refer to www.jpmorgancazenove.com/disclaimers/jpmorgancazenove.htm for
> > important disclaimers and the firm's regulatory position.
> 
> If you mean "is there a way to clear basic auth settings from the
> browser", then yes, you can send a 403 response. Once a browser receives
> a 403, it forgets any authorization it knew from the same realm, and
> prompts the user for new credentials. If it receives a 2XX or 3XX in
> response, the browser then remembers those credentials and sends them
> along with all other requests to the same server, until it receives a
> 403 response.
> 
> If you mean "can I make the browser forget 'remembered passwords'", then
> no, you cant do anything about that. You could be logging them out, they
> try to access something, apache prompts for basic auth, and the user's
> browser just resupplies the saved information. That is perfectly valid,
> and beyond your control.
> 
> Cheers
> 
> Tom
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx


[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux