It's not a secret anymore!
The moose likes Servlets and the fly likes basic windows authentication Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Servlets
Bookmark "basic windows authentication" Watch "basic windows authentication" New topic

basic windows authentication

Prabhakar Pentela

Joined: May 10, 2004
Posts: 12

I have JSP Page with login link that point to the login.asp that resides on the IIS webserver. I protected this page with basic authentication.When the user clicks the link, windowns login popup will be prompted. If everything is okay then my login.asp will redircet to the following link.

my problem is once the user is logged out, i am sending to. home page. If he click the login link once again i am not getting the popup but it is successfully going to the application. Anybody can help me how can i force this one in my code.

Prabhakar P
David O'Meara

Joined: Mar 06, 2001
Posts: 13459

You're probably loggin out by using a "session.invalidate()".

Basic authentication works differently, it adds its own Cookie to the HTTP header, and you need to remove this as well, otherwise your application will always accept them as authenticated.

The name of the cookie you need to clear is 'Authorization'.

Use cookie.setMaxAge(0) to delete a Cookie, but you may need to check the API to find how to get the cookies and then find the correct one to delete.

I agree. Here's the link:
subject: basic windows authentication
It's not a secret anymore!