Graham Dumpleton
grahamd at dscpl.com.au
Tue Apr 25 18:57:24 EDT 2006
Dan Eloff wrote ..
> > Using cookies instead of (or in addition to) HTTP authentication
> > (Basic/Digest) is in many cases somewhat better, mainly because
> > you have better control over the browser memorizing passwords
> > and that the server can make it easy to log off a user (just try to
> > log off when using HTTP authentication).
>
> Tell me about. I just implemented a mixed authentication system
> yesterday (wrote my own impl of basic auth protocol, because an auth
> handler wasn't working well for me) and was annoyed to discover that
> even when I logout, the browser logs me right back in. I ditched that
> now. I could have saved myself the trouble had I done my research
> better to start with.

Not perhaps relevant as suggestions are to perhaps not be using basic
authorisation, but thought the following link may be of interest:

  HTTP Authentication with HTML Forms
  http://www.peej.co.uk/articles/http-auth-with-html-forms.html

This describes how one can use HTML forms with some JavaScript to
implement basic authentication. That is, avoid the browser based popup
login window. I presume that even though this method is used that the
browser is still remembering the credentials for subsequent requests and
thus is still not providing a logout as such. Still interesting.

Graham
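
The logout difference discussed in this thread, as an added example that is not part of the original post or of mod_python: a stateless Basic check keeps accepting the header the browser replays, while a server-side session behind a cookie can be revoked. The account, `SessionStore` and all function names are constructed for illustration.

```python
import base64
import hmac
import secrets

# Constructed sample account for the demonstration (not from the thread).
USERS = {"alice": "correct horse"}

def _password_ok(user, password):
    expected = USERS.get(user)
    return expected is not None and hmac.compare_digest(expected.encode(), password.encode())

def check_basic(header):
    """Stateless Basic check: succeeds whenever the header carries valid credentials."""
    scheme, _, blob = header.partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(blob, validate=True).decode("utf-8")
    except ValueError:  # covers bad base64 and bad UTF-8
        return None
    user, _, password = decoded.partition(":")
    return user if _password_ok(user, password) else None

class SessionStore:
    """Server-side sessions keyed by an unguessable cookie value."""
    def __init__(self):
        self._sessions = {}
    def login(self, user, password):
        if not _password_ok(user, password):
            return None
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = user
        return sid
    def user_for(self, sid):
        return self._sessions.get(sid)
    def logout(self, sid):
        self._sessions.pop(sid, None)  # the server forgets the session

def demo():
    header = "Basic " + base64.b64encode(b"alice:correct horse").decode()
    basic_before = check_basic(header)
    # The browser resends the cached header, so a "logout" has nothing to revoke.
    basic_after = check_basic(header)
    store = SessionStore()
    sid = store.login("alice", "correct horse")
    cookie_before = store.user_for(sid)
    store.logout(sid)
    cookie_after = store.user_for(sid)  # replayed cookie no longer maps to a user
    return basic_before, basic_after, cookie_before, cookie_after
```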