On 5/2/06 4:39 AM, "Michael Lackhoff" <suppressed> wrote:
> Hello,
>
> I followed the advice from this list and wrote mod_perl
> authentification- and authorization handlers to move this task from my
> application to apache.
> But now I have the problem that for this kind of authentification there
> is no 'logout' functionallity. How do others handle this problem?
> The best I could come up with was a tweak to the authentification
> handler that gives back an 401 error to everyone for the location
> /myapp/logout and then write my own error document for this location
> saying "Logout successful" or something like that. But still the user
> gets the pop up box from the browser to reauthentificate. Any better
> ideas?
I typically have something like a "teaser" page that isn't protected that
includes stuff like messages, usage stats, overview, etc. On that page,
there can be a spot for the user information, if the user is logged in. If
the user is not logged in, that can be replaced by a link to login (or the
first "real" page of the app). When someone logs out, redirect back to your
"teaser" page. Since this page is "outside" your app (while it could be a
runmode), the user will not get any request for reauthentication.
Sean
---------------------------------------------------------------------
Web Archive: http://www.mail-archive.com/suppressed/
http://marc.theaimsgroup.com/?l=cgiapp&r=1&w=2
To unsubscribe, e-mail: suppressed
For additional commands, e-mail: suppressed
Mail converted by mhonarc 2.6.15
This archive provided courtesy of JSW4.NET, Internet Hosting Services for Small Business.