.htaccess
on 24.11.2007 13:12:12 by Floor
I validate pages through .htaccess.
What struck my attention is that once the user has filled out a user name
and password, with a page refresh there are no credentials asked. How can I
prevent this and ask every time (after F5 or a rewind view in the browser)
for a user logon + passwd?
--
Floor
Re: .htaccess
on 24.11.2007 16:08:44 by Kees Nuyt
On Sat, 24 Nov 2007 13:12:12 +0100, "Floor" wrote:
>I validate pages through .htaccess.
>What struck my attention is that once the user has filled out a user name
>and password, with a page refresh there are no credentials asked. How can I
>prevent this and ask every time (after F5 or a rewind view in the browser)
>for a user logon + passwd?
You can't. Once the credentials are entered, the browser
will send them to the server with every request to that
realm until the browser is closed completely.
It's just the way basic http authentication works.
--
( Kees
)
c[_] Sometimes looking too long into another's mind
just feels like plunging the toilet with your bare
hands. (Michael Rosen) (#396)
Re: .htaccess
on 24.11.2007 16:11:13 by Kees Nuyt
On Sat, 24 Nov 2007 16:08:44 +0100, Kees Nuyt wrote:
>On Sat, 24 Nov 2007 13:12:12 +0100, "Floor" wrote:
>
>> I validate pages through .htaccess.
>> What struck my attention is that once the user has filled out a user name
>> and password, with a page refresh there are no credentials asked. How can I
>> prevent this and ask every time (after F5 or a rewind view in the browser)
>> for a user logon + passwd?
>
> You can't. Once the credentials are entered, the browser
> will send them to the server with every request to that
> realm until the browser is closed completely.
> It's just the way basic http authentication works.
Forgot to add a link to a page that explains it all:
http://httpd.apache.org/docs/2.2/howto/auth.html
HTH
--
( Kees
)
c[_] Get the facts first - you can distort them later! (#365)
Re: .htaccess
on 25.11.2007 00:22:58 by shimmyshack
On Nov 24, 12:12 pm, "Floor" wrote:
> I validate pages through .htaccess.
> What struck my attention is that once the user has filled out a user name
> and password, with a page refresh there are no credentials asked. How can I
> prevent this and ask every time (after F5 or a rewind view in the browser)
> for a user logon + passwd?
>
> --
> Floor
Unless you unset the headers, for instance
Authorization: Basic bWF0dDpib2I=
manually, using either a server-side scripting language or an Apache
directive, this is a process handled by the server and user-agent.
Additionally, you could use a server-side language to supply wrong
credentials, which could force the user-agent to display another pop-up,
or you could simply override the Apache header with:
WWW-Authenticate: Basic realm="Please Login In"
If all this seems a bit boring, it's cos it is; what you are asking is
"how do I change the sensible default behaviour to something not so
useful or standard"
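
Added example, not part of the thread and not Apache's own code: a minimal Python WSGI app that shows the mechanics discussed above. It decodes the Authorization header quoted in the last post, accepts the same header on every request, and answers 401 with a WWW-Authenticate challenge when the server wants a new prompt. The USERS store and the names parse_basic, credentials_ok, app, request and force_reprompt are assumptions made for illustration.

```python
import base64
import binascii
import hmac

REALM = "Please Login In"   # realm string quoted in the thread
USERS = {"matt": "bob"}     # constructed store; the pair the quoted header decodes to

def parse_basic(header):
    """Return (user, password) from an Authorization header value, else None."""
    scheme, _, token = (header or "").partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    user, sep, password = decoded.partition(":")
    return (user, password) if sep else None

def credentials_ok(creds):
    """Constant-time password check against the constructed USERS store."""
    if creds is None or creds[0] not in USERS:
        return False
    return hmac.compare_digest(creds[1].encode(), USERS[creds[0]].encode())

def app(environ, start_response, force_reprompt=False):
    """WSGI app: 200 for valid credentials, otherwise a 401 challenge."""
    creds = parse_basic(environ.get("HTTP_AUTHORIZATION"))
    if force_reprompt or not credentials_ok(creds):
        start_response("401 Unauthorized", [
            ("WWW-Authenticate", 'Basic realm="%s"' % REALM),
            ("Content-Type", "text/plain")])
        return [b"login required\n"]
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [("hello %s\n" % creds[0]).encode()]

def request(header=None, force_reprompt=False):
    """Drive the app once without a network; return (status, headers)."""
    seen = {}
    def start_response(status, headers):
        seen.update(status=status, headers=dict(headers))
    environ = {"HTTP_AUTHORIZATION": header} if header else {}
    app(environ, start_response, force_reprompt)
    return seen["status"], seen["headers"]

if __name__ == "__main__":
    hdr = "Basic bWF0dDpib2I="                      # header value quoted in the thread
    print(parse_basic(hdr))                         # base64 is an encoding, not encryption
    print(request(hdr)[0], "/", request(hdr)[0])    # same header works on every request
    print(request(hdr, force_reprompt=True))        # server-side 401 asks for a new prompt
    print(request("Basic !!!")[0], request()[0])    # malformed and missing header
```

Because the header value is only base64-encoded, Basic authentication belongs behind TLS.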