Hello, I have a problem with a client/server HTTP connection after a 'WWW-Authenticate' return from the server and the next 'Authorization: ' requests from the client. That's the working line:
Code:
The client sends a request for a restricted file

GET /file.rst HTTP/1.0
Accept: */*

but because it is a restricted file the server returns a 'need authorization' response

HTTP/1.0 401 Unauthorized
WWW-Authenticate: BASIC realm="System Administrator"

Ok, the client opens a default popup asking the user for a name and password, and then it resends
the restricted file request with the user:password in BASIC base64 encoding

GET /file.rst HTTP/1.0
Accept: */*
Authorization: BASIC aaAaAaAAaa

Then the server checks the user and password and (if it's right) sends the restricted file.
Up to here there isn't any problem, but after the server has accepted a user/password once, the client sends it in each request. My question is: what does the server have to send to the client to force it to log out (or to force it to forget the user/password)? If I close the browser then the user is also logged out (from the client memory), but I was wondering if the server can send a header like 'WWW-Authenticate: Forget Actual User' (of course I haven't tried to send that).
Note: the server is a simple server I've created, and the client is one of the 'professional' ones available.
Thanks in advance
Niara
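
The server-side half of the exchange described in the post above, as an added example that is not part of the original post or of Niara's server: it parses the `Authorization` value and chooses between the 200 response and the 401 challenge. The function names, the `USERS` table and its account are constructed for illustration, and the request headers are assumed to arrive as a dict keyed by `Authorization`.

```python
import base64
import binascii
import hmac

REALM = "System Administrator"            # realm taken from the post's 401 response
USERS = {"admin": "s3cret:with:colons"}   # constructed sample account (assumption)


def parse_basic(header):
    """Return (user, password) from an Authorization value, or None if unusable."""
    if not header:
        return None
    scheme, _, token = header.strip().partition(" ")
    if scheme.lower() != "basic":          # scheme names are case-insensitive
        return None
    try:
        # validate=True rejects characters outside the base64 alphabet
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    # Split on the FIRST colon only: the password may itself contain colons.
    user, sep, password = decoded.partition(":")
    return (user, password) if sep else None


def respond(headers):
    """Return (status_line, extra_headers) for a request to the restricted file."""
    creds = parse_basic(headers.get("Authorization"))
    if creds is not None:
        user, password = creds
        expected = USERS.get(user)
        # Always run the constant-time comparison, even for unknown users,
        # so the check does not reveal how much of the password matched.
        same = hmac.compare_digest(password.encode(), (expected or "").encode())
        if expected is not None and same:
            return "HTTP/1.0 200 OK", {}
    # Missing, malformed or wrong credentials all get the same challenge.
    return "HTTP/1.0 401 Unauthorized", {
        "WWW-Authenticate": 'BASIC realm="%s"' % REALM}


if __name__ == "__main__":
    good = base64.b64encode(b"admin:s3cret:with:colons").decode()
    print(respond({}))                                   # first request, no header
    print(respond({"Authorization": "BASIC " + good}))   # resend with credentials
```
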