|
Diener, Edward
Edward.Diener at loyaltyworks.com
Wed May 19 11:26:26 EDT 2004
OK, I understand that the browser is automatically supplying the authentication information to the server. Is there any way to short-circuit this for a particular URL ? The only thing I can think of is that since the browser is supplying authentication information on subsequent attempts within a session, if I can programatically close down the session, I can force the authentication dialog the next time around. Is there a way to programatically close down a session from the server side using mod_python ? Diener, Edward wrote: > Why would the browser hide this action from me, producing no prompt ? For the sake of convenience. A browser must prompt for the login when it first encounters a location protected by HTTP Basic Authentication, since it doesn't know the user/password. Obviously, anyone could program a browser that simply caches this information for later reuse, but convention requires that the browser forgets this information when you close it. In fact, many will offer to save these values for future use (a potentially dangerous practice). Why is this behavior important? Pick any modern password-protected web site and count the number of dependent files that must be loaded to render the page, such as images, stylesheets, javascript sources, etc. If your browser didn't remember your login, you would be prompted for every single one of those files. The site would be practically unusable. _______________________________________________ Mod_python mailing list Mod_python at modpython.org http://mailman.modpython.org/mailman/listinfo/mod_python
|