|
David Fraser
davidf at sjsoft.com
Wed May 19 18:26:45 EDT 2004
From my experience, you'll be a lot better off doing your own thing with cookies (or using the mod_python session code) than trying to use HTTP authentication. It's just as easy to code and you have a lot more flexibility - HTTP authentication support in most browsers isn't really designed for logging out. David Diener, Edward wrote: >OK, I understand that the browser is automatically supplying the >authentication information to the server. Is there any way to >short-circuit this for a particular URL ? The only thing I can think of >is that since the browser is supplying authentication information on >subsequent attempts within a session, if I can programatically close >down the session, I can force the authentication dialog the next time >around. Is there a way to programatically close down a session from the >server side using mod_python ? > >Diener, Edward wrote: > > > >>Why would the browser hide this action from me, producing no prompt ? >> >> > >For the sake of convenience. A browser must prompt for the login when it > >first encounters a location protected by HTTP Basic Authentication, >since it doesn't know the user/password. Obviously, anyone could program > >a browser that simply caches this information for later reuse, but >convention requires that the browser forgets this information when you >close it. In fact, many will offer to save these values for future use >(a potentially dangerous practice). > >Why is this behavior important? Pick any modern password-protected web >site and count the number of dependent files that must be loaded to >render the page, such as images, stylesheets, javascript sources, etc. >If your browser didn't remember your login, you would be prompted for >every single one of those files. The site would be practically unusable. >_______________________________________________ >Mod_python mailing list >Mod_python at modpython.org >http://mailman.modpython.org/mailman/listinfo/mod_python > >_______________________________________________ >Mod_python mailing list >Mod_python at modpython.org >http://mailman.modpython.org/mailman/listinfo/mod_python > > >
|