Reauthenticate SSL password

14 views
Skip to first unread message

Russell Glasser

unread,
May 31, 2006, 11:27:43 AM5/31/06
to
I'm working with a set of online tools that get delivered as https
pages, requiring you to log in at the beginning of your session.
Currently, the only way to log in as a different user is to close the
browser and authenticate again. I would like to provide a "log out"
button so users can switch between multiple accounts.

>From reading I've already done, it looks like the way to do that is to
send them to a page with a 401 status, which will automatically require
reauthentication. So I created logout.cgi, which prints the following:

-- BEGIN HTML --
Status: 401 Authorization Required
WWW-Authenticate: Basic realm="GSA"
Content-type: text/html

You have been logged out.
-- END HTML --

This seems like a good first step, because when I opened this page in a
browser (Mozilla) I got the username and password prompt. However,
when I entered the information, it thought for a second and then asked
me for the username and password again. This repeated over and over
until I hit "cancel", at which point I was given the message "You have
been logged out." At that point I was able to open the main page of my
web application and it forced me to re-enter my credentials, and then I
was logged in again.

How can I get this to work in one step? I also tried redirecting after
the logout page by adding a meta tag, like this:

-- BEGIN HTML --
Status: 401 Authorization Required
WWW-Authenticate: Basic realm="GSA"
Content-type: text/html

<META HTTP-EQUIV="Refresh" CONTENT="0; URL=main.cgi">
You have been logged out.
-- END HTML --

That didn't work, though; it only sent me to the main.cgi after I
cancelled the authentication on the first page.


--
PLEASE NOTE: comp.infosystems.www.authoring.cgi is a
SELF-MODERATED newsgroup. aa.net and boutell.com are
NOT the originators of the articles and are NOT responsible
for their content.

HOW TO POST to comp.infosystems.www.authoring.cgi:
http://www.thinkspot.net/ciwac/howtopost.html

Reply all
Reply to author
Forward
0 new messages