08-07-2007, 03:34 PM
wige (WebProWorld Moderator)
Re: htaccess and login

If you use a bad username/password combo to force the user to log out, the following happens:

First, the user wants to visit the secure site...
Browser: GET /secureplace/file.html
Server: 401 Unauthorized Authenticate Realm
Browser shows user a password prompt for the realm "Realm"
Browser: GET /secureplace/file.html AUTHENTICATION Realm username:pass
Server: 200 OK

Then the user clicks a link. Since the browser remembers that this directory requires authentication, it automatically includes the username and password.
Browser: GET /secureplace/otherfile.html AUTHENTICATION Realm username:pass
Server: 200 OK

If you use any process to change the login, such as using a URL with a bad username and password embedded, the following will occur:
Browser: GET /secureplace/someotherfile.html AUTHENTICATION Realm baduser:badpass
Server: 401 Unauthorized Authenticate Realm
Browser: GET /secureplace/someotherfile.html AUTHENTICATION Realm knowngooduser:knowngoodpassfromcache
Server: 200 OK
__________________
The best way to learn anything, is to question everything.

Last edited by wige; 08-07-2007 at 03:38 PM.
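The exchange described in the post above, modelled with real HTTP Basic headers, as an added example that is not part of the original post. The `Browser` class, its cached-credential retry and the sample account are assumptions built from the post's description, not the behaviour of any particular browser.

```python
import base64

REALM = "Realm"
USERS = {"username": "pass"}  # constructed sample account


def basic(user, password):
    """Authorization header value for HTTP Basic: base64 of 'user:password'."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()


def server(path, authorization=None):
    """Model of the protected directory: 200 for valid credentials, else 401."""
    if authorization and authorization.startswith("Basic "):
        try:
            user, _, password = base64.b64decode(authorization[6:]).decode().partition(":")
        except ValueError:  # malformed base64 or non-UTF-8 bytes
            user = password = None
        if user in USERS and USERS[user] == password:
            return 200, {}
    return 401, {"WWW-Authenticate": f'Basic realm="{REALM}"'}


class Browser:
    def __init__(self):
        self.cache = {}  # realm -> last credentials the server accepted
        self.log = []    # (path, user sent or None, status)

    def _send(self, path, creds):
        status, _ = server(path, basic(*creds) if creds else None)
        self.log.append((path, creds[0] if creds else None, status))
        return status

    def get(self, path, url_creds=None, prompt=None):
        creds = url_creds or self.cache.get(REALM)
        status = self._send(path, creds)
        if status == 401:
            cached = self.cache.get(REALM)
            # Assumption from the post: cached credentials are retried before prompting.
            creds = cached if cached and cached != creds else prompt
            if creds:
                status = self._send(path, creds)
        if status == 200 and creds:
            self.cache[REALM] = creds
        return status
```

In this model a request carrying `baduser:badpass` ends in a 200 and leaves the good credentials in the cache, which is the failed "logout" the post walks through.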