Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 220
  • Last Modified:

Re-Authorization

I'm using NCSA web server and diretory authorization in use
of htpasswd. Problem is that Once the user logged-in, He can
 not change the user id except exiting netscape.
Here is the Question.
How can the user re-logon or chane(Re-displaying log-on  dialog) user id whenever he wants?
0
molla051997
Asked:
molla051997
  • 3
  • 3
  • 2
  • +1
1 Solution
 
johnt082197Commented:
I dunno the answer, but you'll note the problem is the same with experts exchange :)
0
 
gabsiCommented:
User will have to re-enter his password only if he has to access a file that is not allowed to his first login.

0
 
gwaltersCommented:
I did it once.  Basically implemented a "logout" CGI.  When the user clicked on it, the next click caused a re-authentication, even though they were accessing the same directory they had been the whole "session".

I'll give you details if and when you reject the current answer.
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
gabsiCommented:
I will be really interrested by the solution of gwalters.
Authentification has no thing to deal with CGI's or other server side installed programs.
The mechanism is the following:
When the server recieve a request for a protected URL, it asks the client for identification.
If the client has it gives what it knows.
If that does not satisfy the server requierement (or if the client has none), the client asks the user for identification (or RE-).

SO I dont see how a logout CGI will change the client side informations.

0
 
gwaltersCommented:
If you're so interested in my answer, why didn't you submit this as a COMMENT?  Now it's locked again!

0
 
gabsiCommented:
Sorry gwalter, it is a mistake, sincerly.
0
 
molla051997Author Commented:
gwalerts!! give me deatailed answer
0
 
gwaltersCommented:
OK, it's a kludge, but it worked for me:

The logout CGI did the following:

1) Send something to the browser telling the user they logged out (i.e. "Content-type: text/html\n\nLogout successful").
2) Fork a new process.  Old process dies (telling NCSA the cgi is done), new process should close stdin and stdout for the same reason.  I may have done these close() statements before the fork; I can't remember (can't find the sourcecode).
3) New process creates a new .htpasswd file with the user's entry changed or absent, then sleeps for a certain period of time.
4) New process creates a new .htpasswd file with the user's entry restored.

As long as user requests a protected document between steps 3 and 4 (adjust the sleep time as appropriate), the browser will detect the failure on the username/password that, until now, worked.  This will cause a new prompt.

Notes:
1) It's not really a logout, of course (since there was never a "login").  The user must request a document between steps 3 and 4 to get the prompt.  If they wait until after step 4, the browser will use the old authentication info.  You may be able to do a javascript or http-refresh trick to force the browser to request a protected document after logging out.
2) If this is to be used by a lot of people, you better use some kind of file locking.  Your first instinct may be to create a backup .htaccess in step 3, then just copy it in step 4.  This won't work, however, if more than one person is "logged out" at a given time.

Sorry I can't find my source code.  I'm still looking.


0
 
molla051997Author Commented:
gwalters, If you succeed in finding source code, Notify me.
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

  • 3
  • 3
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now