This week's book giveaway is in the OCAJP 8 forum.
We're giving away four copies of OCA Java SE 8 Programmer I Study Guide and have Edward Finegan & Robert Liguori on-line!
See this thread for details.
The moose likes Servlets and the fly likes implementing a 'logoff' for basic authentication Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

Win a copy of OCA Java SE 8 Programmer I Study Guide this week in the OCAJP 8 forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "implementing a Watch "implementing a New topic

implementing a 'logoff' for basic authentication

chen ven

Joined: Apr 16, 2004
Posts: 1
Our application authticates users using the basic authentication scheme. Since the user credentials are always part of the request header sent by the browser, how does one implement a 'logoff' ? Is there any way to invalidate a request header ?
Nathaniel Stoddard
Ranch Hand

Joined: May 29, 2003
Posts: 1258
If I remember this correctly, an authentication that was done through BASIC will be valid until the user closes her browser. If the authentication was done via a FORM, then you could simply call invalidate() on the HttpSession and the next fetch would require the user to login again.
As always, you will definitely want to double-check this information--but I hope it gets you headed off in the right direction.

I agree. Here's the link:
subject: implementing a 'logoff' for basic authentication
It's not a secret anymore!