File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes Servlets and the fly likes HTTP authorization log out Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Servlets
Reply locked New topic

HTTP authorization log out

G Horie

Joined: Feb 03, 2005
Posts: 10

I'm new at using the HTTP request authorization header for user authentication, so please bear through this newbie question.

I know I can pop-up an authenticate window in a browser session with the following code snippet:

public void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
response.setHeader("WWW-Authenticate", "BASIC realm=\"privileged-user\"");

I also know how to parse to returning username and password to authenticate the request. So this is okay.

However, I do not know is how to log out of this authorized session without closing the browser. Well, that's not entirely true. I do seem to be able to log out by resending those two response headers, but I get a problem where the first authentication window that pops up won't accept an appropriate username and password. If I cancel the first request, then try to return to the site, the next authentication window responds as expected.

So I'm a little confused at what I'm doing wrong. Any suggestions?


- Greg.
David O'Meara

Joined: Mar 06, 2001
Posts: 13459

This is actually a reasonable question - not as silly as it sounds.

We have an existing thread discussing this here.

David O'Meara

Joined: Mar 06, 2001
Posts: 13459

I hope you don't mind that I'm closing this thread to prevent duplicate conversations.

I agree. Here's the link:
subject: HTTP authorization log out
It's not a secret anymore!