Solved

Re-Authorization

Posted on 1997-10-19
9
215 Views
Last Modified: 2013-12-25
I'm using NCSA web server and diretory authorization in use
of htpasswd. Problem is that Once the user logged-in, He can
 not change the user id except exiting netscape.
Here is the Question.
How can the user re-logon or chane(Re-displaying log-on  dialog) user id whenever he wants?
0
Comment
Question by:molla051997
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
  • 2
  • +1
9 Comments
 
LVL 4

Expert Comment

by:johnt082197
ID: 1855301
I dunno the answer, but you'll note the problem is the same with experts exchange :)
0
 
LVL 1

Expert Comment

by:gabsi
ID: 1855302
User will have to re-enter his password only if he has to access a file that is not allowed to his first login.

0
 
LVL 3

Expert Comment

by:gwalters
ID: 1855303
I did it once.  Basically implemented a "logout" CGI.  When the user clicked on it, the next click caused a re-authentication, even though they were accessing the same directory they had been the whole "session".

I'll give you details if and when you reject the current answer.
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 1

Expert Comment

by:gabsi
ID: 1855304
I will be really interrested by the solution of gwalters.
Authentification has no thing to deal with CGI's or other server side installed programs.
The mechanism is the following:
When the server recieve a request for a protected URL, it asks the client for identification.
If the client has it gives what it knows.
If that does not satisfy the server requierement (or if the client has none), the client asks the user for identification (or RE-).

SO I dont see how a logout CGI will change the client side informations.

0
 
LVL 3

Expert Comment

by:gwalters
ID: 1855305
If you're so interested in my answer, why didn't you submit this as a COMMENT?  Now it's locked again!

0
 
LVL 1

Expert Comment

by:gabsi
ID: 1855306
Sorry gwalter, it is a mistake, sincerly.
0
 

Author Comment

by:molla051997
ID: 1855307
gwalerts!! give me deatailed answer
0
 
LVL 3

Accepted Solution

by:
gwalters earned 50 total points
ID: 1855308
OK, it's a kludge, but it worked for me:

The logout CGI did the following:

1) Send something to the browser telling the user they logged out (i.e. "Content-type: text/html\n\nLogout successful").
2) Fork a new process.  Old process dies (telling NCSA the cgi is done), new process should close stdin and stdout for the same reason.  I may have done these close() statements before the fork; I can't remember (can't find the sourcecode).
3) New process creates a new .htpasswd file with the user's entry changed or absent, then sleeps for a certain period of time.
4) New process creates a new .htpasswd file with the user's entry restored.

As long as user requests a protected document between steps 3 and 4 (adjust the sleep time as appropriate), the browser will detect the failure on the username/password that, until now, worked.  This will cause a new prompt.

Notes:
1) It's not really a logout, of course (since there was never a "login").  The user must request a document between steps 3 and 4 to get the prompt.  If they wait until after step 4, the browser will use the old authentication info.  You may be able to do a javascript or http-refresh trick to force the browser to request a protected document after logging out.
2) If this is to be used by a lot of people, you better use some kind of file locking.  Your first instinct may be to create a backup .htaccess in step 3, then just copy it in step 4.  This won't work, however, if more than one person is "logged out" at a given time.

Sorry I can't find my source code.  I'm still looking.


0
 

Author Comment

by:molla051997
ID: 1855309
gwalters, If you succeed in finding source code, Notify me.
0

Featured Post

Percona Live Europe 2017 | Sep 25 - 27, 2017

The Percona Live Open Source Database Conference Europe 2017 is the premier event for the diverse and active European open source database community, as well as businesses that develop and use open source database software.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Today, the web development industry is booming, and many people consider it to be their vocation. The question you may be asking yourself is – how do I become a web developer?
Dramatic changes are revolutionizing how we build and use technology. Every company is automating, digitizing, and modernizing operations. We need a better, more connected way to work together as teams so we can harness the insights from our system…
This video teaches users how to migrate an existing Wordpress website to a new domain.
Any person in technology especially those working for big companies should at least know about the basics of web accessibility. Believe it or not there are even laws in place that require businesses to provide such means for the disabled and aging p…

622 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question