
Re: [cgiapp] OT: apache logout and a javascript question


On 2 May 2006 at 6:36, Sean Davis wrote:

> I typically have something like a "teaser" page that isn't protected that
> includes stuff like messages, usage stats, overview, etc.  On that page,
> there can be a spot for the user information, if the user is logged in.  If
> the user is not logged in, that can be replaced by a link to login (or the
> first "real" page of the app).  When someone logs out, redirect back to your
> "teaser" page.  Since this page is "outside" your app (while it could be a
> runmode), the user will not get any request for reauthentication.

That's right but then the user is not really logged off, that is, if 
the user goes again from the teaser page to one of the protected pages 
the browser will happily send the credentials. This is especially bad 
when the application is run in public places but even in an office 
environment a colleague might run protected pages in the name of 
someone else unless he closes the browser.
Or did I miss something? How is your "when someone logs out" done, to 
make the browser really forget the credentials without a re-login 
popup?

Cheers,
Michael

