Bo M. Maryniuck wrote:
On Wednesday 07 August 2002 12:30, Jo Meder wrote:
Voila: seems like you never logged out. The only method to reliably "log out" that I know of is to shut down your browser completely.
There is *NO* way to log out completely with standard a12n.
Yeah there is. This happens when the browser stops sending authorisation headers. Now, 99% of browsers out there will stop sending authorization headers if they receive a 401 for those authorisation headers, so the ZMI way of logging out can be quite reliable.
Only if you use cookie-based Login Manager, where you can make old valid cookie or so. Also cookie-less AFAIK, but I've never used it yet.
huh? Sorry, that paragraph lost something in the translation :-S I'd personally use the CookieCrumbler product if I wanted to add cookie authentication to a site. I wonder if someone could come up with somethign similar that would stroe the session in the URL instead of in a cookie? cheers, Chris