Solved

Re-Authorization

Posted on 1997-10-19
9
197 Views
Last Modified: 2013-12-25
I'm using NCSA web server and diretory authorization in use
of htpasswd. Problem is that Once the user logged-in, He can
 not change the user id except exiting netscape.
Here is the Question.
How can the user re-logon or chane(Re-displaying log-on  dialog) user id whenever he wants?
0
Comment
Question by:molla051997
  • 3
  • 3
  • 2
  • +1
9 Comments
 
LVL 4

Expert Comment

by:johnt082197
ID: 1855301
I dunno the answer, but you'll note the problem is the same with experts exchange :)
0
 
LVL 1

Expert Comment

by:gabsi
ID: 1855302
User will have to re-enter his password only if he has to access a file that is not allowed to his first login.

0
 
LVL 3

Expert Comment

by:gwalters
ID: 1855303
I did it once.  Basically implemented a "logout" CGI.  When the user clicked on it, the next click caused a re-authentication, even though they were accessing the same directory they had been the whole "session".

I'll give you details if and when you reject the current answer.
0
 
LVL 1

Expert Comment

by:gabsi
ID: 1855304
I will be really interrested by the solution of gwalters.
Authentification has no thing to deal with CGI's or other server side installed programs.
The mechanism is the following:
When the server recieve a request for a protected URL, it asks the client for identification.
If the client has it gives what it knows.
If that does not satisfy the server requierement (or if the client has none), the client asks the user for identification (or RE-).

SO I dont see how a logout CGI will change the client side informations.

0
Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 3

Expert Comment

by:gwalters
ID: 1855305
If you're so interested in my answer, why didn't you submit this as a COMMENT?  Now it's locked again!

0
 
LVL 1

Expert Comment

by:gabsi
ID: 1855306
Sorry gwalter, it is a mistake, sincerly.
0
 

Author Comment

by:molla051997
ID: 1855307
gwalerts!! give me deatailed answer
0
 
LVL 3

Accepted Solution

by:
gwalters earned 50 total points
ID: 1855308
OK, it's a kludge, but it worked for me:

The logout CGI did the following:

1) Send something to the browser telling the user they logged out (i.e. "Content-type: text/html\n\nLogout successful").
2) Fork a new process.  Old process dies (telling NCSA the cgi is done), new process should close stdin and stdout for the same reason.  I may have done these close() statements before the fork; I can't remember (can't find the sourcecode).
3) New process creates a new .htpasswd file with the user's entry changed or absent, then sleeps for a certain period of time.
4) New process creates a new .htpasswd file with the user's entry restored.

As long as user requests a protected document between steps 3 and 4 (adjust the sleep time as appropriate), the browser will detect the failure on the username/password that, until now, worked.  This will cause a new prompt.

Notes:
1) It's not really a logout, of course (since there was never a "login").  The user must request a document between steps 3 and 4 to get the prompt.  If they wait until after step 4, the browser will use the old authentication info.  You may be able to do a javascript or http-refresh trick to force the browser to request a protected document after logging out.
2) If this is to be used by a lot of people, you better use some kind of file locking.  Your first instinct may be to create a backup .htaccess in step 3, then just copy it in step 4.  This won't work, however, if more than one person is "logged out" at a given time.

Sorry I can't find my source code.  I'm still looking.


0
 

Author Comment

by:molla051997
ID: 1855309
gwalters, If you succeed in finding source code, Notify me.
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Introduction HTML checkboxes provide the perfect way for a web developer to receive client input when the client's options might be none, one or many.  But the PHP code for processing the checkboxes can be confusing at first.  What if a checkbox is…
I've been asked to discuss some of the UX activities that I'm using with my team. Here I will share some details about how we approach UX projects.
This tutorial walks through the best practices in adding a local business to Google Maps including how to properly search for duplicates, marker placement, and inputing business details. Login to your Google Account, then search for "Google Mapmaker…
The viewer will learn how to count occurrences of each item in an array.

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now