[ previous ] [ next ] [ threads ]
 
 From:  Henning Wangerin <mailinglists dash after dash 041101 underscore reply dash not dash possible at hpc dot dk>
 To:  Mykel <Mykel at mWare dot ca>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] feature request
 Date:  Sat, 11 Dec 2004 00:20:05 +0100
On Fri, 2004-12-10 at 22:11, Mykel wrote:
> Henning Wangerin wrote:

> >It ISN'T true. Had that discustion with a customer some years ago, so I
> >had to convince him ;-)
> >
> >I tested most browsers available at that time, and as far as I remember,
> >about 1/3 of them I tested didn't forget the credentials.
> >  
> >
> You could change the authentication realm... This has been a suggested 
> in more than a few PHP books. It's a hack, it's not too inelegant (sp?) 
> and it works.

I've seen it used in combination with a pseudo-dir that holds a
"session".

1) You got to www.site.com and get redirectet to
www.site.com/md5hash_of_something/
2) www.site.com/md5hash_of_something/ requieres http_auth with a
slightly different realm (something with adding extra spaces in the
string to avoid to much noise in the popup of the user)
3) When you log out og timeout, the "md5hash_of_something" is also
thrown away on the server, 
4) Accessing www.site.com/md5hash_of_something/ after session is closed
sends the user back to 1) for a new session.

Worked nicely on the site where it was practised, but I don't recall
where it was.

-- 
Henning Wangerin <post plus 041008 at henning dot wangerin dot dk>
-- 
Henning Wangerin <mailinglists dash after dash 041101 underscore reply dash not dash possible at hpc dot dk>