Re: [username],[password] for [authenticate]

This WebDNA talk-list message is from

2001

It keeps the original formatting. numero = 37208
interpreted = N
texte = Sounds right. I believe we will do just that. Gracias!Jon__________________________Jon RobinsonChakra5 studioshttp://www.chakra5.netjon@chakra5.net(206) 781-0140 (o)(206) 228-0451 (c)> -----Original Message-----> From: WebCatalog Talk [mailto:WebDNA-Talk@talk.smithmicro.com]On> Behalf Of Brian Fries> Sent: Saturday, July 14, 2001 11:58 AM> To: WebCatalog Talk> Subject: Re: [username],[password] for [authenticate]>>> Basically, the [username] and [password] are values maintained by the> browser, not WebCatalog. The browser keeps these values for each> domain that has been authenticated until the browser is quit. The> browser then (I believe) passes these values along in MIME headers to> the server whenever accessing pages from an authenticated domain.>> If the received [username] and [password] do not satisfy the server,> then a reply is made to the browser instructing it to display an> authentication dialog.>> So... there is no way to force a browser to forget the username or> password, and the only way to force the browser to change them is to> authenticate for a different group that the current username doesn't> belong to.>> Generally, when I need a solution where I need the user's login to> time out or the user to have the ability to log out, I bypass the> authenticate / protect method and implement my own member database> with form-based login and logout. In this way I have much greater> control over the security, though the implementation is significantly> more complex.>> - brian>> At 2:29 AM 7/14/2001, Jon Robinson wrote:> >WC'ers,> >> >I'm hoping that someone can elaborate on the way that the [authenticate]> >tags [username] and [password] values are dealt with by the browser.> >> >I am building a site where the user should be able to log out,> clearing info> >on their session from a database that tracks sessions (this is> easy enough).> >I then set a variable that triggers a new [authenticate] tag which I had> >hoped would then take the new input and reset the [username], [password]> >tags values.> >> >What seems to be happening instead is that on this logout page, the> >[username], [password] tags have no value, but the refer and the page> >accessed after both have filled values??> >> >(I'm checking values by placing the [username] and [password] tags in the> >file raw and viewing the result throw the browser)> >> >Then after reautenticate with a new s pair of values, the same> page seems to> >have access to the first [username], [password] pair entered,> but the other> >pages have access to the new values. It's like its one set behind.> >> >In reading through the list, it seems like I can't directly> manipulate the> >values, but have to bring up a new authenticate box. I'd like to> be able to> >set the values to empty. Also the username comes up with the old username> >prefilled and I like to kill this as well!> >> >It would be helpful to understand what WC is actually doing behind the> >screens here.> >> >> >Thanks!> >> >Jon> >__________________________> >Jon Robinson> >Chakra5 studios> >http://www.chakra5.net> >> >jon@chakra5.net> >(206) 781-0140 (o)> >(206) 228-0451 (c)> --> <= Brian C. Fries, BrainScan Software http://www.brainscansoftware.com =>>> -------------------------------------------------------------> This message is sent to you because you are subscribed to> the mailing list .> To unsubscribe, E-mail to: > To switch to the DIGEST mode, E-mail to> > Web Archive of this list is at: http://search.smithmicro.com/>-------------------------------------------------------------This message is sent to you because you are subscribed to the mailing list .To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://search.smithmicro.com/ Associated Messages, from the most recent to the oldest:

Re: [username],[password] for [authenticate] (Jon Robinson 2001)
Re: [username],[password] for [authenticate] (Brian Fries 2001)
[username],[password] for [authenticate] (Jon Robinson 2001)

Sounds right. I believe we will do just that. Gracias!Jon__________________________Jon RobinsonChakra5 studioshttp://www.chakra5.netjon@chakra5.net(206) 781-0140 (o)(206) 228-0451 (c)> -----Original Message-----> From: WebCatalog Talk [mailto:WebDNA-Talk@talk.smithmicro.com]On> Behalf Of Brian Fries> Sent: Saturday, July 14, 2001 11:58 AM> To: WebCatalog Talk> Subject: Re: [username],[password] for [authenticate]>>> Basically, the [username] and [password] are values maintained by the> browser, not WebCatalog. The browser keeps these values for each> domain that has been authenticated until the browser is quit. The> browser then (I believe) passes these values along in MIME headers to> the server whenever accessing pages from an authenticated domain.>> If the received [username] and [password] do not satisfy the server,> then a reply is made to the browser instructing it to display an> authentication dialog.>> So... there is no way to force a browser to forget the username or> password, and the only way to force the browser to change them is to> authenticate for a different group that the current username doesn't> belong to.>> Generally, when I need a solution where I need the user's login to> time out or the user to have the ability to log out, I bypass the> authenticate / protect method and implement my own member database> with form-based login and logout. In this way I have much greater> control over the security, though the implementation is significantly> more complex.>> - brian>> At 2:29 AM 7/14/2001, Jon Robinson wrote:> >WC'ers,> >> >I'm hoping that someone can elaborate on the way that the [authenticate]> >tags [username] and [password] values are dealt with by the browser.> >> >I am building a site where the user should be able to log out,> clearing info> >on their session from a database that tracks sessions (this is> easy enough).> >I then set a variable that triggers a new [authenticate] tag which I had> >hoped would then take the new input and reset the [username], [password]> >tags values.> >> >What seems to be happening instead is that on this logout page, the> >[username], [password] tags have no value, but the refer and the page> >accessed after both have filled values??> >> >(I'm checking values by placing the [username] and [password] tags in the> >file raw and viewing the result throw the browser)> >> >Then after reautenticate with a new s pair of values, the same> page seems to> >have access to the first [username], [password] pair entered,> but the other> >pages have access to the new values. It's like its one set behind.> >> >In reading through the list, it seems like I can't directly> manipulate the> >values, but have to bring up a new authenticate box. I'd like to> be able to> >set the values to empty. Also the username comes up with the old username> >prefilled and I like to kill this as well!> >> >It would be helpful to understand what WC is actually doing behind the> >screens here.> >> >> >Thanks!> >> >Jon> >__________________________> >Jon Robinson> >Chakra5 studios> >http://www.chakra5.net> >> >jon@chakra5.net> >(206) 781-0140 (o)> >(206) 228-0451 (c)> --> <= Brian C. Fries, BrainScan Software http://www.brainscansoftware.com =>>> -------------------------------------------------------------> This message is sent to you because you are subscribed to> the mailing list .> To unsubscribe, E-mail to: > To switch to the DIGEST mode, E-mail to> > Web Archive of this list is at: http://search.smithmicro.com/>-------------------------------------------------------------This message is sent to you because you are subscribed to the mailing list .To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://search.smithmicro.com/ Jon Robinson

DOWNLOAD WEBDNA NOW!

Re: [username],[password] for [authenticate]

2001

Top Articles:

Related Readings: