On Fri, 2004-12-10 at 22:11, Mykel wrote:
> Henning Wangerin wrote:
> >It ISN'T true. Had that discussion with a customer some years ago, so I
> >had to convince him ;-)
> >
> >I tested most browsers available at that time, and as far as I remember,
> >about 1/3 of them I tested didn't forget the credentials.
> >
> >
> You could change the authentication realm... This has been suggested
> in more than a few PHP books. It's a hack, it's not too inelegant (sp?)
> and it works.

I've seen it used in combination with a pseudo-dir that holds a "session".

1) You go to www.site.com and get redirected to
   www.site.com/md5hash_of_something/
2) www.site.com/md5hash_of_something/ requires http_auth with a slightly
   different realm (something with adding extra spaces in the string to
   avoid too much noise in the popup of the user)
3) When you log out or timeout, the "md5hash_of_something" is also thrown
   away on the server,
4) Accessing www.site.com/md5hash_of_something/ after session is closed
   sends the user back to 1) for a new session.

Worked nicely on the site where it was practised, but I don't recall
where it was.

-- 
Henning Wangerin <post plus 041008 at henning dot wangerin dot dk>

-- 
Henning Wangerin <mailinglists dash after dash 041101 underscore reply dash not dash possible at hpc dot dk>
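
The four steps described in the message above, sketched as server-side logic. This is an added example, not code from the thread or from the site it mentions; the user table, the "Members" realm text, the function names and the use of a random token in place of an MD5 hash are assumptions.

```python
import base64, hmac, secrets

USERS = {"alice": "correct horse"}  # constructed demo credentials
sessions = {}                       # token -> realm; server-side state only
_minted = 0

def new_session():
    """Step 1: mint the pseudo-dir and a realm that differs from the last one."""
    global _minted
    token = secrets.token_hex(16)   # assumption: random token instead of an MD5 hash
    sessions[token] = "Members" + " " * (_minted % 16 + 1)  # step 2: extra spaces
    _minted += 1
    return token

def logout(token):
    """Step 3: logout or timeout throws the pseudo-dir away on the server."""
    sessions.pop(token, None)

def credentials_ok(authorization):
    if not authorization or not authorization.startswith("Basic "):
        return False
    try:
        user, _, password = base64.b64decode(authorization[6:]).decode().partition(":")
    except ValueError:              # malformed base64 or non-UTF-8 bytes
        return False
    expected = USERS.get(user)
    return expected is not None and hmac.compare_digest(password.encode(), expected.encode())

def handle(path, authorization=None):
    """Return (status, headers) for a GET on path."""
    token = path.strip("/").split("/")[0]
    realm = sessions.get(token)
    if realm is None:               # steps 1 and 4: unknown or closed session
        return 302, {"Location": "/%s/" % new_session()}
    if credentials_ok(authorization):
        return 200, {}
    return 401, {"WWW-Authenticate": 'Basic realm="%s"' % realm}
```

Because the session token is part of the URL, it ends up in access logs, browser history and Referer headers, so it has to be unguessable and discarded promptly on logout or timeout.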