Nicolas Alvarez wrote:
> There is no "passwords" under "privacy".

You should learn to qualify your statements, like
There is no "passwords" under "privacy" on my version of this program.
Certainly on Firefox 1.5.0.12 there is, and it holds the "auth"
passwords right next to the "<input type=password" passwords.

> When you login via HTTP auth, and tell Firefox
> *not* to save the password, it still keeps it for the current browser
> session (otherwise it would keep asking you for the password on every
> page request).

Right. Same with cookies, see.

> How do I delete that password within the session, without restarting the
> browser?

Uh, why would you? Don't go back to that site. :-)
Granted, if you want to log in as someone else, that could be mildly
problematic. I don't see this as a normal use case for 99% of the sites
I see using the kludged cookie-based logins, tho.

> And anyway, users would want something as simple as the "logout" button
> on HTML forms, not getting into the browser options.

There's no reason it couldn't be easier to do from the browser, yes.

> Session usually expires server-side at the same time as the client-side
> cookie. There are no sessions with HTTP auth, nothing you can expire.

Of course there is. You're just not thinking. The server knows how long
it has been since last you came back. After that time elapses, clean up
whatever you'd clean up if the user hit the "logout" button.
In other words, no, cookies do not "expire" on the server side, since
the server doesn't have a cookie. A cookie is a way for the server to
store something at the browser. The "something" is what expires. Hence,
go ahead, expire that "something".

> One method I have seen for "expiring session on inactivity" (or on user
> request, via a link) with HTTP auth is returning a 401 as if the
> password was wrong, which forces most browsers to ask you the login info
> again.

Or just return a 403 *once* even for the *right* password. Or change
the realm to be session-specific.

--
Darren New / San Diego, CA, USA (PST)
"That's pretty. Where's that?"
"It's the Age of Channelwood."
"We should go there on vacation some time."
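
The server-side idle timeout and the "reject the right password once" logout discussed in the message above, as an added example that is not part of the original post. It uses the 401 variant from the quoted text; the class name, the user table, the realm string and the 900-second timeout are assumptions made for illustration.

```python
import base64
import hmac

USERS = {"alice": "correct horse"}  # constructed sample credentials
IDLE_TIMEOUT = 900                  # seconds; assumed policy value


class IdleBasicAuth:
    """Server-side idle timeout and logout for HTTP Basic auth."""

    def __init__(self, users, idle_timeout):
        self.users = users
        self.idle_timeout = idle_timeout
        self.last_seen = {}   # user -> time of last accepted request
        self.force = set()    # users who asked to log out

    def _challenge(self):
        return 401, {"WWW-Authenticate": 'Basic realm="example"'}

    def _user_from(self, header):
        # Return the user name if the header carries valid credentials.
        if not header or not header.startswith("Basic "):
            return None
        try:
            decoded = base64.b64decode(header[6:]).decode()
        except ValueError:  # bad base64 or bad UTF-8
            return None
        user, _, password = decoded.partition(":")
        expected = self.users.get(user)
        if expected is None:
            return None
        ok = hmac.compare_digest(password.encode(), expected.encode())
        return user if ok else None

    def logout(self, user):
        self.force.add(user)

    def check(self, header, now):
        user = self._user_from(header)
        if user is None:
            return self._challenge()
        last = self.last_seen.get(user)
        idle = last is not None and now - last > self.idle_timeout
        if idle or user in self.force:
            # Reject the correct password once; the browser re-prompts and
            # the next valid request starts a fresh session.
            self.force.discard(user)
            self.last_seen.pop(user, None)
            return self._challenge()
        self.last_seen[user] = now
        return 200, {}
```

Because the password itself stays valid, a client that simply resends the same header is accepted again; this ends the browser's cached session and does not revoke the credential.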