
$ENV{REMOTE_USER} works great to identify a user, but can I reset it to log a user out?

wezal

Member
Aug 25, 2000
OK, I have figured out that I can use the $ENV{REMOTE_USER} variable within my Perl scripts with Apache to figure out which user is logged onto my machine! Now is there any way of resetting this variable to log the user out? Are there any other options to log a user out of .htaccess when they are done with their session? I tried deleting and then rewriting the .password and .htaccess files hoping that this would cause a prompt to reenter the password, but it doesn't. Any suggestions?
 

Basilisk

Senior member
Sep 15, 2000
In a Stateless Machine, how can there be any concept of "logged onto"? Conventional ideas of "logged in" involve sessions with defined opening and closing moments, and this isn't the model of the Web where there's no maintained link and no closing of one.

(Changing an ENV variable has no persistent effect after that CGI dies.)

Doesn't the only concept of logged-in lie within the Browser, not your server/CGI? The CGI merely receives data from a browser which has successfully provided/retained a userid/password giving access to the path of the CGI. As long as the browser continues to send the proper validation detail, it can access that protected path -- it can run the CGI.

(I'm a bit surprised that altering the encrypted password value -- that changing the password -- didn't require a new login with a different password! Requiring a new password is a rather heavy-handed approach to "login control".)

You can make additional requirements via cookies which you can manage/destroy. This is an application feature, not a server/browser one as far as I know.

Or... maybe I've got it wrong. Good luck!

 

wezal

Member
Aug 25, 2000

<< (I'm a bit surprised that altering the encrypted password value -- that changing the password -- didn't require a new login with a different password! Requiring a new password is a rather heavy-handed approach to "login control".) >>

Basilisk, you are correct: if I were to change the password file, then that should have an effect. I only removed it for a split second, which doesn't make much sense, as you have said. So I need to figure out a way where I can either reset the password that the user is sending, or close their browser altogether, which is not a preferable option. I was using a cookie option like you also say, but the security of it was not very tight, so I felt that using the .htaccess file would be more robust. Anyway, thanks for the help; you have at least pointed me in a better/clearer direction.
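
The two mechanisms discussed in this thread, modelled side by side as an added example (not code from either poster, and in Python rather than Perl so it runs without a web server). `basic_remote_user` recomputes the user from the `Authorization` header on every request, so there is nothing server-side to reset; `SessionStore` is the cookie approach with an unguessable, server-held token that logout can destroy. The user table, salt, function names and TTL are constructed assumptions.

```python
import base64, hashlib, hmac, secrets, time

SALT = b"constructed-salt"  # constructed sample data, stands in for .htpasswd
USERS = {"alice": hashlib.pbkdf2_hmac("sha256", b"hunter2", SALT, 100_000)}

def check_password(user, password):
    stored = USERS.get(user)
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)
    return stored is not None and hmac.compare_digest(stored, candidate)

def basic_remote_user(headers):
    # Basic auth: the user is derived from the header the browser resends on
    # each request. Nothing is remembered between calls, so no "logout" exists.
    value = headers.get("Authorization", "")
    if not value.startswith("Basic "):
        return None
    try:
        user, _, password = base64.b64decode(value[6:]).decode().partition(":")
    except ValueError:  # malformed base64 or non-UTF-8 bytes
        return None
    return user if check_password(user, password) else None

class SessionStore:
    # Cookie approach: the cookie carries only a random token; the identity
    # and expiry live on the server, where they can be deleted.
    def __init__(self, ttl=900):
        self.ttl, self._sessions = ttl, {}

    def login(self, user, password, now=None):
        if not check_password(user, password):
            return None
        token = secrets.token_urlsafe(32)  # unguessable cookie value
        start = time.time() if now is None else now
        self._sessions[token] = (user, start + self.ttl)
        return token

    def remote_user(self, token, now=None):
        user, expires = self._sessions.get(token, (None, 0))
        if user is None or (time.time() if now is None else now) >= expires:
            self._sessions.pop(token, None)  # unknown or expired: drop it
            return None
        return user

    def logout(self, token):
        self._sessions.pop(token, None)  # a replayed cookie no longer resolves
```

In a real deployment the token would be sent as a cookie with the `Secure` and `HttpOnly` attributes over HTTPS, and the session table would live in shared storage rather than process memory.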