-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 16/10/2014 6:03 p.m., santosh wrote: > Hello Amos, > > Thanks for your reply , is there a way to prompt for > reauthentication if an browsing session is inactive by setting the > TTL value ? . You are getting yourself into trouble by confusing the concept of authentication and concept of browsing session. Authentication is at its core a yes/no binary value about whether the client is who they say they are. eg. are you actually "santosh"? yes/no. What you are asking is only doable by changing the users credentials, so the browser cannot use the old ones any more AND in such a way that the browser cannot automatically find out what the new ones are. eg. offering users one-time logins which get erased or marked invalid in the authentication backend system. With the 407 page delivered containing instructions to get a new one-time password. So if they press cancel on the browser popup they can follow that process, then login again. Amos -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (MingW32) iQEcBAEBAgAGBQJUP1wcAAoJELJo5wb/XPRjaq8IAJDcVPti4fyMPAMadDf0lE/W bvj4OCjk/pvCAaa4l3kiHQWyJVWVVIGotKutcByPRIIDgi0inwpwa7bzkLQdhxPA d2j4MWdYTnTP8xKwMXXdEs5b58liwQlGJm+wzg7Ecdmntgviqbrv4hh4qV8fEIEf dUzB0F5O8x6SL0eTistdtNq4SDXOKrGfQ7YqaQfCiFcHV6AAU15k0cYqxcH8W0Xl S9Sm/HzEZS5LZt+tJy2aE0Uu5KKElJS/0zpN2s9G4mNR+ThIBUq0lUFFRWXg92by HZrdSLfBauPUFvOSR/P/Cs/XWzFuh05qqyw/QzjSvBAO2ghq0pMG6rkCTvbQvMw= =buJ1 -----END PGP SIGNATURE----- _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
