This week's book / license giveaways are in the JDBC and Relational Databases and Java in General forums.
We're giving away four copies each of PostGIS in Action and Java Advanced Topics Training and have the authors on-line!
See this thread and this one for details.
The moose likes Servlets and the fly likes implementing a 'logoff' for basic authentication Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


JavaRanch » Java Forums » Java » Servlets
Bookmark "implementing a Watch "implementing a New topic
Author

implementing a 'logoff' for basic authentication

chen ven
Greenhorn

Joined: Apr 16, 2004
Posts: 1
Our application authticates users using the basic authentication scheme. Since the user credentials are always part of the request header sent by the browser, how does one implement a 'logoff' ? Is there any way to invalidate a request header ?
Nathaniel Stoddard
Ranch Hand

Joined: May 29, 2003
Posts: 1258
Chen,
If I remember this correctly, an authentication that was done through BASIC will be valid until the user closes her browser. If the authentication was done via a FORM, then you could simply call invalidate() on the HttpSession and the next fetch would require the user to login again.
As always, you will definitely want to double-check this information--but I hope it gets you headed off in the right direction.


Nathaniel Stodard<br />SCJP, SCJD, SCWCD, SCBCD, SCDJWS, ICAD, ICSD, ICED
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: implementing a 'logoff' for basic authentication