[hunchentoot-devel] Authorization data being cached
Andreas Fuchs
asf at boinkor.net
Thu Jan 28 16:09:11 UTC 2010
On Thu, Jan 28, 2010 at 15:57, Patrick May <patrick.may at mac.com> wrote:
> I don't think this is a Hunchentoot issue, but I thought I'd ask here first. I've noticed that Safari seems to cache the basic authorization username and password, so that even if I call (remove-session *session*) on the server side, Safari just reloads the page.
AFAIK, every browser does this. It's the only way HTTP Basic auth can
work without being terribly annoying to the user.
> Am I interpreting the behavior correctly? If so, how do I force a re-authorization?
To "log out" the user, you need to return a 401 Unauthorized status
(see http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html), which
will prompt the browser to display the user/password dialog box again.
If the user presses Cancel enough times, they'll finally be logged
out.
It's terribly convoluted, but that's Basic auth for you /-:
Cheers,
--
Andreas Fuchs, (http://|im:asf@|mailto:asf@)boinkor.net, antifuchs
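
Added example, not part of the original message and not Hunchentoot's own code: a minimal sketch of the logout approach described in the reply above, answering 401 for the same realm after dropping the session. The realm name, URIs and the placeholder credential check are assumptions made for illustration.

```lisp
;;; Added example. Assumes Hunchentoot is already loaded and an acceptor
;;; is running; realm, URIs and credentials below are constructed.
(defparameter *realm* "example-realm")      ; hypothetical realm name

(defun valid-credentials-p (user password)
  "Placeholder check; a real application verifies against a password hash."
  (and (equal user "demo") (equal password "constructed-password")))

(defun authenticated-user ()
  "Return the user name from the Basic Authorization header, or answer
401 so that the browser shows its user/password dialog."
  (multiple-value-bind (user password) (hunchentoot:authorization)
    (if (and user (valid-credentials-p user password))
        user
        ;; Sets the 401 status and the WWW-Authenticate header, then
        ;; aborts the handler, so this branch never returns.
        (hunchentoot:require-authorization *realm*))))

(hunchentoot:define-easy-handler (private-page :uri "/private") ()
  (let ((user (authenticated-user)))
    (setf (hunchentoot:content-type*) "text/plain")
    (format nil "Hello, ~A" user)))

(hunchentoot:define-easy-handler (logout :uri "/logout") ()
  ;; Removing the server-side session alone changes nothing the user can
  ;; see: the browser resends its cached Authorization header with the
  ;; next request and /private accepts it again.
  (when hunchentoot:*session*
    (hunchentoot:remove-session hunchentoot:*session*))
  ;; So answer 401 for the same realm even though the credentials sent
  ;; with this request are valid. The browser shows the dialog again,
  ;; and cancelling it is what ends the cached login, as the reply
  ;; above describes.
  (hunchentoot:require-authorization *realm*))
```

Because the browser, not the server, holds the credentials, any server-side state tied to them (sessions, tokens) should be invalidated in the same handler, and the connection should be TLS-protected since Basic auth sends the password with every request.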