Hello, I have a problem with a client/server http connection after a 'WWW-Authenticate' return from the server and the next 'Authorization: ' requests from the client. That's the working line
Since here there isn't any problem, but after the server has accepted once a user/password, the client sends it in each request. My question is: what should the server have to send to the client to force it to logout (or to force it to forget the user/passw)? If I close the browser then the user is also loggedout (from the client memory), but I was wondering if the server can send a header like 'WWW-Authenticate: Forget Actual User' (of course I haven't tryed to send that ).Code:Client send a request for a restricted file GET /file.rst HTTP/1.0 Accept: */* but because is a restricted file the server returns a 'need authorization' response HTTP/1.0 401 Unauthorized WWW-Authenticate: BASIC realm="System Administrator" Ok, the client opens a default popup asking the user for a name and password, and the it resends the restricted file request with the user:password in BASIC base64 encoding GET /file.rst HTTP/1.0 Accept: */* Authorization: BASIC aaAaAaAAaa The the server checks the user and password and (if it's right) sends the restricted file.
Note: the server is a simple server I've created, and the client is one of the 'professional' availables.
Thank's in advance