10 May
2000
10 May
'00
1:26 p.m.
Chris Withers wrote The problem is HTTP Basic Authentication caching the user's details until it gets told they've failed authentication for that realm...
.. and even then, if they've had a previous successful auth for a page, the browser will re-use the token. The only _real_ way to do it properly is to pass a token to the client, and use that token to reference their authentication information. That way, when they log out, you destroy the authentication information on the server side. Anthony -- Anthony Baxter <anthony@interlink.com.au> It's never too late to have a happy childhood.