Re: [username],[password] for [authenticate]

This WebDNA talk-list message is from

2001


It keeps the original formatting.
numero = 37207
interpreted = N
texte = Basically, the [username] and [password] are values maintained by the browser, not WebCatalog. The browser keeps these values for each domain that has been authenticated until the browser is quit. The browser then (I believe) passes these values along in MIME headers to the server whenever accessing pages from an authenticated domain.If the received [username] and [password] do not satisfy the server, then a reply is made to the browser instructing it to display an authentication dialog.So... there is no way to force a browser to forget the username or password, and the only way to force the browser to change them is to authenticate for a different group that the current username doesn't belong to.Generally, when I need a solution where I need the user's login to time out or the user to have the ability to log out, I bypass the authenticate / protect method and implement my own member database with form-based login and logout. In this way I have much greater control over the security, though the implementation is significantly more complex.- brianAt 2:29 AM 7/14/2001, Jon Robinson wrote: >WC'ers, > >I'm hoping that someone can elaborate on the way that the [authenticate] >tags [username] and [password] values are dealt with by the browser. > >I am building a site where the user should be able to log out, clearing info >on their session from a database that tracks sessions (this is easy enough). >I then set a variable that triggers a new [authenticate] tag which I had >hoped would then take the new input and reset the [username], [password] >tags values. > >What seems to be happening instead is that on this logout page, the >[username], [password] tags have no value, but the refer and the page >accessed after both have filled values?? > >(I'm checking values by placing the [username] and [password] tags in the >file raw and viewing the result throw the browser) > >Then after reautenticate with a new s pair of values, the same page seems to >have access to the first [username], [password] pair entered, but the other >pages have access to the new values. It's like its one set behind. > >In reading through the list, it seems like I can't directly manipulate the >values, but have to bring up a new authenticate box. I'd like to be able to >set the values to empty. Also the username comes up with the old username >prefilled and I like to kill this as well! > >It would be helpful to understand what WC is actually doing behind the >screens here. > > >Thanks! > >Jon >__________________________ >Jon Robinson >Chakra5 studios >http://www.chakra5.net > >jon@chakra5.net >(206) 781-0140 (o) >(206) 228-0451 (c) -- <= Brian C. Fries, BrainScan Software http://www.brainscansoftware.com =>------------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://search.smithmicro.com/ Associated Messages, from the most recent to the oldest:

    
  1. Re: [username],[password] for [authenticate] (Jon Robinson 2001)
  2. Re: [username],[password] for [authenticate] (Brian Fries 2001)
  3. [username],[password] for [authenticate] (Jon Robinson 2001)
Basically, the [username] and [password] are values maintained by the browser, not WebCatalog. The browser keeps these values for each domain that has been authenticated until the browser is quit. The browser then (I believe) passes these values along in MIME headers to the server whenever accessing pages from an authenticated domain.If the received [username] and [password] do not satisfy the server, then a reply is made to the browser instructing it to display an authentication dialog.So... there is no way to force a browser to forget the username or password, and the only way to force the browser to change them is to authenticate for a different group that the current username doesn't belong to.Generally, when I need a solution where I need the user's login to time out or the user to have the ability to log out, I bypass the authenticate / protect method and implement my own member database with form-based login and logout. In this way I have much greater control over the security, though the implementation is significantly more complex.- brianAt 2:29 AM 7/14/2001, Jon Robinson wrote: >WC'ers, > >I'm hoping that someone can elaborate on the way that the [authenticate] >tags [username] and [password] values are dealt with by the browser. > >I am building a site where the user should be able to log out, clearing info >on their session from a database that tracks sessions (this is easy enough). >I then set a variable that triggers a new [authenticate] tag which I had >hoped would then take the new input and reset the [username], [password] >tags values. > >What seems to be happening instead is that on this logout page, the >[username], [password] tags have no value, but the refer and the page >accessed after both have filled values?? > >(I'm checking values by placing the [username] and [password] tags in the >file raw and viewing the result throw the browser) > >Then after reautenticate with a new s pair of values, the same page seems to >have access to the first [username], [password] pair entered, but the other >pages have access to the new values. It's like its one set behind. > >In reading through the list, it seems like I can't directly manipulate the >values, but have to bring up a new authenticate box. I'd like to be able to >set the values to empty. Also the username comes up with the old username >prefilled and I like to kill this as well! > >It would be helpful to understand what WC is actually doing behind the >screens here. > > >Thanks! > >Jon >__________________________ >Jon Robinson >Chakra5 studios >http://www.chakra5.net > >jon@chakra5.net >(206) 781-0140 (o) >(206) 228-0451 (c) -- <= Brian C. Fries, BrainScan Software http://www.brainscansoftware.com =>------------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://search.smithmicro.com/ Brian Fries

DOWNLOAD WEBDNA NOW!

Top Articles:

Talk List

The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...

Related Readings:

Running 2 two WebCatalog.acgi's (1996) test (2004) RE: [WebDNA] Help me install (WebDNA 7 fastcgi install on Lion 10.7.3) (2012) Various Problems (1997) win2003 server (Web, standard, small business, edition) (2005) Re:no [search] with NT (1997) taxTotal, grandTotal (1997) RAM variables (1997) [WebDNA] Press Release (2008) listfiles-looking for slick solution (1997) Text limits in NT version? (1997) Printing a final order (1997) Variable security (2000) WebCat2b13MacPlugin - nested [xxx] contexts (1997) WebDNA Challenge - Was: Why WebDNA is not popular (2002) Why are some admin pages not encrypted? (2000) WebCat2b13MacPlugIn - [include] doesn't allow creator (1997) [group] ? (1997) WebCat2b13 Mac plugin - [sendmail] and checkboxes (1997) Help! WebCat2 bug (1997)