Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Re-Authorization

Posted on 1997-10-19
9
Medium Priority
?
216 Views
Last Modified: 2013-12-25
I'm using NCSA web server and diretory authorization in use
of htpasswd. Problem is that Once the user logged-in, He can
 not change the user id except exiting netscape.
Here is the Question.
How can the user re-logon or chane(Re-displaying log-on  dialog) user id whenever he wants?
0
Comment
Question by:molla051997
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
  • 2
  • +1
9 Comments
 
LVL 4

Expert Comment

by:johnt082197
ID: 1855301
I dunno the answer, but you'll note the problem is the same with experts exchange :)
0
 
LVL 1

Expert Comment

by:gabsi
ID: 1855302
User will have to re-enter his password only if he has to access a file that is not allowed to his first login.

0
 
LVL 3

Expert Comment

by:gwalters
ID: 1855303
I did it once.  Basically implemented a "logout" CGI.  When the user clicked on it, the next click caused a re-authentication, even though they were accessing the same directory they had been the whole "session".

I'll give you details if and when you reject the current answer.
0
Survive A High-Traffic Event with Percona

Your application or website rely on your database to deliver information about products and services to your customers. You can’t afford to have your database lose performance, lose availability or become unresponsive – even for just a few minutes.

 
LVL 1

Expert Comment

by:gabsi
ID: 1855304
I will be really interrested by the solution of gwalters.
Authentification has no thing to deal with CGI's or other server side installed programs.
The mechanism is the following:
When the server recieve a request for a protected URL, it asks the client for identification.
If the client has it gives what it knows.
If that does not satisfy the server requierement (or if the client has none), the client asks the user for identification (or RE-).

SO I dont see how a logout CGI will change the client side informations.

0
 
LVL 3

Expert Comment

by:gwalters
ID: 1855305
If you're so interested in my answer, why didn't you submit this as a COMMENT?  Now it's locked again!

0
 
LVL 1

Expert Comment

by:gabsi
ID: 1855306
Sorry gwalter, it is a mistake, sincerly.
0
 

Author Comment

by:molla051997
ID: 1855307
gwalerts!! give me deatailed answer
0
 
LVL 3

Accepted Solution

by:
gwalters earned 150 total points
ID: 1855308
OK, it's a kludge, but it worked for me:

The logout CGI did the following:

1) Send something to the browser telling the user they logged out (i.e. "Content-type: text/html\n\nLogout successful").
2) Fork a new process.  Old process dies (telling NCSA the cgi is done), new process should close stdin and stdout for the same reason.  I may have done these close() statements before the fork; I can't remember (can't find the sourcecode).
3) New process creates a new .htpasswd file with the user's entry changed or absent, then sleeps for a certain period of time.
4) New process creates a new .htpasswd file with the user's entry restored.

As long as user requests a protected document between steps 3 and 4 (adjust the sleep time as appropriate), the browser will detect the failure on the username/password that, until now, worked.  This will cause a new prompt.

Notes:
1) It's not really a logout, of course (since there was never a "login").  The user must request a document between steps 3 and 4 to get the prompt.  If they wait until after step 4, the browser will use the old authentication info.  You may be able to do a javascript or http-refresh trick to force the browser to request a protected document after logging out.
2) If this is to be used by a lot of people, you better use some kind of file locking.  Your first instinct may be to create a backup .htaccess in step 3, then just copy it in step 4.  This won't work, however, if more than one person is "logged out" at a given time.

Sorry I can't find my source code.  I'm still looking.


0
 

Author Comment

by:molla051997
ID: 1855309
gwalters, If you succeed in finding source code, Notify me.
0

Featured Post

Understanding Linux Permissions

Linux for beginners: How to view the permissions associated with files and directories and also how you can change them.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article will inform Clients about common and important expectations from the freelancers (Experts) who are looking at your Gig.
Although a lot of people devote their energy toward marketing for specific industries, there are some basic principles that can be applied to any sector imaginable. We’ll look at four steps to take and examine how those steps were put into action fo…
The viewer will learn how to count occurrences of each item in an array.
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.
Suggested Courses

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question