wood burning stoves 2.0*
The moose likes Servlets and the fly likes implementing a 'logoff' for basic authentication Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "implementing a Watch "implementing a New topic

implementing a 'logoff' for basic authentication

chen ven

Joined: Apr 16, 2004
Posts: 1
Our application authticates users using the basic authentication scheme. Since the user credentials are always part of the request header sent by the browser, how does one implement a 'logoff' ? Is there any way to invalidate a request header ?
Nathaniel Stoddard
Ranch Hand

Joined: May 29, 2003
Posts: 1258
If I remember this correctly, an authentication that was done through BASIC will be valid until the user closes her browser. If the authentication was done via a FORM, then you could simply call invalidate() on the HttpSession and the next fetch would require the user to login again.
As always, you will definitely want to double-check this information--but I hope it gets you headed off in the right direction.

I agree. Here's the link: http://aspose.com/file-tools
subject: implementing a 'logoff' for basic authentication
Similar Threads
How to get the HTTP Header from the request?
Tracking Authentication
Setting Authorization Header in HTTP Request
Setting Authorization Header in HTTP Request
How to configure Axis stubs for Integrated Windows Authentication ?