[mod_python] Controlling authentication at run-time

Diener, Edward Edward.Diener at loyaltyworks.com
Wed May 19 11:26:26 EDT 2004

OK, I understand that the browser is automatically supplying the
authentication information to the server. Is there any way to
short-circuit this for a particular URL ? The only thing I can think of
is that since the browser is supplying authentication information on
subsequent attempts within a session, if I can programatically close
down the session, I can force the authentication dialog the next time
around. Is there a way to programatically close down a session from the
server side using mod_python ?

Diener, Edward wrote:

> Why would the browser hide this action from me, producing no prompt ?

For the sake of convenience. A browser must prompt for the login when it

first encounters a location protected by HTTP Basic Authentication, 
since it doesn't know the user/password. Obviously, anyone could program

a browser that simply caches this information for later reuse, but 
convention requires that the browser forgets this information when you 
close it. In fact, many will offer to save these values for future use 
(a potentially dangerous practice).

Why is this behavior important? Pick any modern password-protected web 
site and count the number of dependent files that must be loaded to 
render the page, such as images, stylesheets, javascript sources, etc. 
If your browser didn't remember your login, you would be prompted for 
every single one of those files. The site would be practically unusable.
Mod_python mailing list
Mod_python at modpython.org

More information about the Mod_python mailing list