[ previous ] [ next ] [ threads ]
 From:  Mykel <Mykel at mWare dot ca>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] feature request
 Date:  Fri, 10 Dec 2004 16:11:59 -0500
Henning Wangerin wrote:

>On Fri, 2004-12-10 at 10:18, Manuel Kasper wrote:
>>You can't really "logout" with HTTP authentication; you'd have to convince
>>your browser to forget the login credentials that you entered, so it's a
>>browser issue. There's no "session" on m0n0wall that could be killed; the
>>credentials are sent with each request. We could return a 401 response, as
>>this makes some browsers clear the cached credentials, but AFAIR this
>>isn't necessarily true.
>It ISN'T true. Had that discustion with a customer some years ago, so I
>had to convince him ;-)
>I tested most browsers available at that time, and as far as I remember,
>about 1/3 of them I tested didn't forget the credentials.
You could change the authentication realm... This has been a suggested 
in more than a few PHP books. It's a hack, it's not too inelegant (sp?) 
and it works.