|
|
> How do I delete that password within the session, without restarting the
> browser?
"According to RFC 2616, existing browsers retain authentication
information indefinitely. HTTP does not provide a method for a server to
direct clients to discard these cached credentials. This is a
significant defect that requires further extensions to HTTP." --Wikipedia
"The authentication is kept in the browser (client side), so there's
really no way to log out the user on the server side AFAIK. The user
will have to close the browser to end the session. I think there are
hacks around this issue, but I haven't looked into them." --a Ruby on
Rails blog post
"Both Netscape Navigator and Internet Explorer will clear the local
browser window's authentication cache for the realm upon receiving a
server response of 401. This can effectively 'log out' a user, forcing
them to re-enter their username and password. Some people use this to
'time out' logins, or provide a 'log-out' button." --PHP manual
BTW: I think most people use forms for login just because everybody else
is doing it, not because they gave it any thought :)
Post a reply to this message
|
|