[hunchentoot-devel] Authorization data being cached

Andreas Fuchs asf at boinkor.net
Thu Jan 28 16:09:11 UTC 2010


On Thu, Jan 28, 2010 at 15:57, Patrick May <patrick.may at mac.com> wrote:
>        I don't think this is a Hunchentoot issue, but I thought I'd ask here first.  I've noticed that Safari seems to cache the basic authorization username and password, so that even if I call (remove-session *session*) on the server side, Safari just reloads the page.

AFAIK, every browser does this. It's the only way HTTP Basic auth can
work without being terribly annoying to the user.

>        Am I interpreting the behavior correctly?  If so, how do I force a re-authorization?

To "log out" the user, you need to return a 401 Unauthorized status
(see http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html), which
will prompt the browser to display the user/password dialog box again.
If the user presses Cancel enough times, they'll finally be logged
out.

It's terribly convoluted, but that's Basic auth for you /-:

Cheers,
-- 
Andreas Fuchs, (http://|im:asf@|mailto:asf@)boinkor.net, antifuchs
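
The 401-based logout described in the reply above, as an added example that is not part of the original message and is not Hunchentoot code: a framework-neutral Python request handler in which /logout answers 401 even when the browser sends valid cached credentials. The realm, the account in USERS, the two paths and all function names are assumptions made for illustration.

```python
import base64
import binascii
import hmac

REALM = "example"                         # hypothetical realm name
USERS = {"demo": "constructed-password"}  # constructed sample account

def parse_basic(header):
    """Return (user, password) from an Authorization header, or None."""
    if not header:
        return None
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None                       # malformed header: treat as absent
    user, sep, password = decoded.partition(":")
    return (user, password) if sep else None

def credentials_ok(creds):
    if creds is None:
        return False
    user, password = creds
    expected = USERS.get(user)
    # Constant-time comparison of the submitted and stored password bytes.
    matches = hmac.compare_digest(password.encode(), (expected or "").encode())
    return expected is not None and matches

def challenge(body):
    # 401 plus WWW-Authenticate makes the browser show its dialog again.
    return 401, {"WWW-Authenticate": f'Basic realm="{REALM}"'}, body

def handle(path, authorization=None):
    """Return (status, headers, body) for a GET request."""
    if path == "/logout":
        # Challenge unconditionally: the browser still sends the cached
        # header, so valid credentials must not be accepted here.
        return challenge("Logged out. Cancel the dialog to finish.")
    if path == "/private":
        creds = parse_basic(authorization)
        if not credentials_ok(creds):
            return challenge("Authentication required.")
        # no-store keeps the protected page out of the browser cache.
        return 200, {"Cache-Control": "no-store"}, f"Hello, {creds[0]}"
    return 404, {}, "Not found"
```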



