Reauthenticate SSL password
Russell Glasser
pages, requiring you to log in at the beginning of your session.
Currently, the only way to log in as a different user is to close the
browser and authenticate again. I would like to provide a "log out"
button so users can switch between multiple accounts.
>From reading I've already done, it looks like the way to do that is to
send them to a page with a 401 status, which will automatically require
reauthentication. So I created logout.cgi, which prints the following:
-- BEGIN HTML --
Status: 401 Authorization Required
WWW-Authenticate: Basic realm="GSA"
Content-type: text/html
You have been logged out.
-- END HTML --
This seems like a good first step, because when I opened this page in a
browser (Mozilla) I got the username and password prompt. However,
when I entered the information, it thought for a second and then asked
me for the username and password again. This repeated over and over
until I hit "cancel", at which point I was given the message "You have
been logged out." At that point I was able to open the main page of my
web application and it forced me to re-enter my credentials, and then I
was logged in again.
How can I get this to work in one step? I also tried redirecting after
the logout page by adding a meta tag, like this:
-- BEGIN HTML --
Status: 401 Authorization Required
WWW-Authenticate: Basic realm="GSA"
Content-type: text/html
<META HTTP-EQUIV="Refresh" CONTENT="0; URL=main.cgi">
You have been logged out.
-- END HTML --
That didn't work, though; it only sent me to the main.cgi after I
cancelled the authentication on the first page.
--
PLEASE NOTE: comp.infosystems.www.authoring.cgi is a
SELF-MODERATED newsgroup. aa.net and boutell.com are
NOT the originators of the articles and are NOT responsible
for their content.
HOW TO POST to comp.infosystems.www.authoring.cgi:
http://www.thinkspot.net/ciwac/howtopost.html