Re: [username],[password] for [authenticate]

This WebDNA talk-list message is from

2001


It keeps the original formatting.
numero = 37208
interpreted = N
texte = Sounds right. I believe we will do just that. Gracias!Jon __________________________ Jon Robinson Chakra5 studios http://www.chakra5.netjon@chakra5.net (206) 781-0140 (o) (206) 228-0451 (c) > -----Original Message----- > From: WebCatalog Talk [mailto:WebDNA-Talk@talk.smithmicro.com]On > Behalf Of Brian Fries > Sent: Saturday, July 14, 2001 11:58 AM > To: WebCatalog Talk > Subject: Re: [username],[password] for [authenticate] > > > Basically, the [username] and [password] are values maintained by the > browser, not WebCatalog. The browser keeps these values for each > domain that has been authenticated until the browser is quit. The > browser then (I believe) passes these values along in MIME headers to > the server whenever accessing pages from an authenticated domain. > > If the received [username] and [password] do not satisfy the server, > then a reply is made to the browser instructing it to display an > authentication dialog. > > So... there is no way to force a browser to forget the username or > password, and the only way to force the browser to change them is to > authenticate for a different group that the current username doesn't > belong to. > > Generally, when I need a solution where I need the user's login to > time out or the user to have the ability to log out, I bypass the > authenticate / protect method and implement my own member database > with form-based login and logout. In this way I have much greater > control over the security, though the implementation is significantly > more complex. > > - brian > > At 2:29 AM 7/14/2001, Jon Robinson wrote: > >WC'ers, > > > >I'm hoping that someone can elaborate on the way that the [authenticate] > >tags [username] and [password] values are dealt with by the browser. > > > >I am building a site where the user should be able to log out, > clearing info > >on their session from a database that tracks sessions (this is > easy enough). > >I then set a variable that triggers a new [authenticate] tag which I had > >hoped would then take the new input and reset the [username], [password] > >tags values. > > > >What seems to be happening instead is that on this logout page, the > >[username], [password] tags have no value, but the refer and the page > >accessed after both have filled values?? > > > >(I'm checking values by placing the [username] and [password] tags in the > >file raw and viewing the result throw the browser) > > > >Then after reautenticate with a new s pair of values, the same > page seems to > >have access to the first [username], [password] pair entered, > but the other > >pages have access to the new values. It's like its one set behind. > > > >In reading through the list, it seems like I can't directly > manipulate the > >values, but have to bring up a new authenticate box. I'd like to > be able to > >set the values to empty. Also the username comes up with the old username > >prefilled and I like to kill this as well! > > > >It would be helpful to understand what WC is actually doing behind the > >screens here. > > > > > >Thanks! > > > >Jon > >__________________________ > >Jon Robinson > >Chakra5 studios > >http://www.chakra5.net > > > >jon@chakra5.net > >(206) 781-0140 (o) > >(206) 228-0451 (c) > -- > <= Brian C. Fries, BrainScan Software http://www.brainscansoftware.com => > > ------------------------------------------------------------- > This message is sent to you because you are subscribed to > the mailing list . > To unsubscribe, E-mail to: > To switch to the DIGEST mode, E-mail to > > Web Archive of this list is at: http://search.smithmicro.com/ > ------------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://search.smithmicro.com/ Associated Messages, from the most recent to the oldest:

    
  1. Re: [username],[password] for [authenticate] (Jon Robinson 2001)
  2. Re: [username],[password] for [authenticate] (Brian Fries 2001)
  3. [username],[password] for [authenticate] (Jon Robinson 2001)
Sounds right. I believe we will do just that. Gracias!Jon __________________________ Jon Robinson Chakra5 studios http://www.chakra5.netjon@chakra5.net (206) 781-0140 (o) (206) 228-0451 (c) > -----Original Message----- > From: WebCatalog Talk [mailto:WebDNA-Talk@talk.smithmicro.com]On > Behalf Of Brian Fries > Sent: Saturday, July 14, 2001 11:58 AM > To: WebCatalog Talk > Subject: Re: [username],[password] for [authenticate] > > > Basically, the [username] and [password] are values maintained by the > browser, not WebCatalog. The browser keeps these values for each > domain that has been authenticated until the browser is quit. The > browser then (I believe) passes these values along in MIME headers to > the server whenever accessing pages from an authenticated domain. > > If the received [username] and [password] do not satisfy the server, > then a reply is made to the browser instructing it to display an > authentication dialog. > > So... there is no way to force a browser to forget the username or > password, and the only way to force the browser to change them is to > authenticate for a different group that the current username doesn't > belong to. > > Generally, when I need a solution where I need the user's login to > time out or the user to have the ability to log out, I bypass the > authenticate / protect method and implement my own member database > with form-based login and logout. In this way I have much greater > control over the security, though the implementation is significantly > more complex. > > - brian > > At 2:29 AM 7/14/2001, Jon Robinson wrote: > >WC'ers, > > > >I'm hoping that someone can elaborate on the way that the [authenticate] > >tags [username] and [password] values are dealt with by the browser. > > > >I am building a site where the user should be able to log out, > clearing info > >on their session from a database that tracks sessions (this is > easy enough). > >I then set a variable that triggers a new [authenticate] tag which I had > >hoped would then take the new input and reset the [username], [password] > >tags values. > > > >What seems to be happening instead is that on this logout page, the > >[username], [password] tags have no value, but the refer and the page > >accessed after both have filled values?? > > > >(I'm checking values by placing the [username] and [password] tags in the > >file raw and viewing the result throw the browser) > > > >Then after reautenticate with a new s pair of values, the same > page seems to > >have access to the first [username], [password] pair entered, > but the other > >pages have access to the new values. It's like its one set behind. > > > >In reading through the list, it seems like I can't directly > manipulate the > >values, but have to bring up a new authenticate box. I'd like to > be able to > >set the values to empty. Also the username comes up with the old username > >prefilled and I like to kill this as well! > > > >It would be helpful to understand what WC is actually doing behind the > >screens here. > > > > > >Thanks! > > > >Jon > >__________________________ > >Jon Robinson > >Chakra5 studios > >http://www.chakra5.net > > > >jon@chakra5.net > >(206) 781-0140 (o) > >(206) 228-0451 (c) > -- > <= Brian C. Fries, BrainScan Software http://www.brainscansoftware.com => > > ------------------------------------------------------------- > This message is sent to you because you are subscribed to > the mailing list . > To unsubscribe, E-mail to: > To switch to the DIGEST mode, E-mail to > > Web Archive of this list is at: http://search.smithmicro.com/ > ------------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://search.smithmicro.com/ Jon Robinson

DOWNLOAD WEBDNA NOW!

Top Articles:

Talk List

The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...

Related Readings:

shownext & math (1997) ShowNext truncating passed variable?? (1997) Stumpted Again (1997) How to put the Trademark Symbol (%99) in Sendmail? (2003) Changing the value assigned to a formvariable (2000) Milliseconds (1998) Did this just get cheaper ? (2003) NT BETA BUG???? (1997) OR in Showifs (Was: Secure Web Server) (1999) Adding multiple items to Cart at one time, & append context problem (1998) Max Record length (1997) ShowNext (1997) 404 error -- but wc code executes... (2001) Big Databases (1997) quotes and truncating? (1997) Re1000001: Setting up shop (1997) Sku numbers (1997) Webstar 1.3.1 PPC (1997) Couple of questions (1999) Multiple Pulldowns (1997)