users@jersey.java.net

Re: [Jersey] Web applications using XMLHttpRequest and JAX-RS REST/JSON Web Services

From: Jakub Podlesak <Jakub.Podlesak_at_Sun.COM>
Date: Wed, 12 Nov 2008 10:00:55 -0800

On Mon, Nov 10, 2008 at 06:44:57PM +0100, Paul Sandoz wrote:
> On Nov 10, 2008, at 4:59 PM, Julio Faerman wrote:
>
<snip>
>>
>>
>>> A general issue is how to log out. I am not actually sure. I do not know
>>> if it is possible to browse my authenticated sessions in Firefox. Ideally a
>>> button on the web page would interact with the browser through some
>>> standard API.
>>
>> I read that a 401 response should log me out,
>
> I think that is a response to an unauthorized request:
>
> http://greenbytes.de/tech/webdav/rfc2616.html#status.401
>
>
>> but that did not work
>> for me, and even if it did, I think it would be browser specific. As I
>> am using container managed auth, I am looking for a standard JEE way
>> to log out.
>>
>
> This is probably one of the drawbacks of HTTP basic auth. I think it
> requires a different auth mechanism whereby the server can invalidate the
> authentication of a user.

Regarding logging out, for Firefox, you can just do: [Tools]->[Clear Private Data],
and check [Authenticated Sessions]. Then Firefox will stop sending the authentication
headers with the requests.

It is up to the client whether or not to send the authentication information
to the server. This way is IMHO better than if the client had to ask the server
to log it out. Maybe there is a certain standard JavaScript API
allowing a script to control this?

~Jakub

>
> Paul.