This week's book giveaway is in the Servlets forum.
We're giving away four copies of Murach's Java Servlets and JSP and have Joel Murach on-line!
See this thread for details.
The moose likes Servlets and the fly likes implementing a 'logoff' for basic authentication Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Murach's Java Servlets and JSP this week in the Servlets forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "implementing a Watch "implementing a New topic
Author

implementing a 'logoff' for basic authentication

chen ven
Greenhorn

Joined: Apr 16, 2004
Posts: 1
Our application authticates users using the basic authentication scheme. Since the user credentials are always part of the request header sent by the browser, how does one implement a 'logoff' ? Is there any way to invalidate a request header ?
Nathaniel Stoddard
Ranch Hand

Joined: May 29, 2003
Posts: 1258
Chen,
If I remember this correctly, an authentication that was done through BASIC will be valid until the user closes her browser. If the authentication was done via a FORM, then you could simply call invalidate() on the HttpSession and the next fetch would require the user to login again.
As always, you will definitely want to double-check this information--but I hope it gets you headed off in the right direction.


Nathaniel Stodard<br />SCJP, SCJD, SCWCD, SCBCD, SCDJWS, ICAD, ICSD, ICED
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: implementing a 'logoff' for basic authentication
 
Similar Threads
How to get the HTTP Header from the request?
Tracking Authentication
Setting Authorization Header in HTTP Request
Setting Authorization Header in HTTP Request
How to configure Axis stubs for Integrated Windows Authentication ?