|
|
> Nicolas Alvarez wrote:
>> You mean Remove private data, Authenticated sessions?
>
> No. Tools->Options->Privacy->Passwords. Exactly where you'd expect it.
There is no "passwords" under "privacy". Passwords on the "security" tab
are the saved passwords. When you login via HTTP auth, and tell Firefox
*not* to save the password, it still keeps it for the current browser
session (otherwise it would keep asking you for the password on every
page request).
How do I delete that password within the session, without restarting the
browser? I doubt it's in the saved passwords list; that's for
auto-filling forms (or http auth dialogs), not for things within the
session.
And anyway, users would want something as simple as the "logout" button
on HTML forms, not getting into the browser options.
> BTW, cookie expiration is enforced by the browser, not the server.
Session usually expires server-side at the same time as the client-side
cookie. There are no sessions with HTTP auth, nothing you can expire.
One method I have seen for "expiring session on inactivity" (or on user
request, via a link) with HTTP auth is returning a 401 as if the
password was wrong, which forces most browsers to ask you the login info
again.
Post a reply to this message
|
|