Solved

Changing REMOTE_USER with a CGI rather than closing the browser

Posted on 1998-06-13
4
281 Views
Last Modified: 2013-12-25
If I've already authenticated at a website with a username:password pair, how do I write a CGI that, when invoked, will reset the value of $REMOTE_USER, and challenge me again for my username:password pair. I want to be able to log in as a different user at this point.

I know I can close my browser and $REMOTE_USER will reset, but I'd like to avoid that pain.
0
Comment
Question by:cjb061398
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 5

Accepted Solution

by:
julio011597 earned 50 total points
ID: 1829779
Indeed, the web server does keep asking for name:passwd... it is the *intelligent* browser which sends them behind the scenes. Anyway, you can bypass this browser's automatic mechanisms by providing the pair as part of the location url.

Say the new pair is "cjb:mypwd", and the page to access is "http://my.host.com". Then you can force the new pair to be sent by putting this url into the location field:

http://cjb:mypwd@my.host.com

This is, in fact, the same mechanism you would use to access password protected ftp sites.

Regards, julio
0
 
LVL 6

Expert Comment

by:alamo
ID: 1829780
In many cases a better way might be "http://cjb@my.host.com" instead, leaving out the password. The dialog will pop up and ask you.

The advantage of this is that this way your password won't be included in your browser history or any bookmarks you make. I am not sure if your password shows up in the REFERER field also, when you click on an external link, it might, I've never checked.

0
 
LVL 5

Expert Comment

by:julio011597
ID: 1829781
Yes, right. About REFERER, i'm not sure either, but shouldn't be the case... anyway, to be tried.

cjb, still around?

-julio
0
 
LVL 6

Expert Comment

by:alamo
ID: 1829782
I just checked, name:pw@ does indeed show up in the REFERER. I tested with Netscape 4.04. So be careful...

0

Featured Post

Enroll in June's Course of the Month

June's Course of the Month is now available! Every 10 seconds, a consumer gets hit with ransomware. Refresh your knowledge of ransomware best practices by enrolling in this month's complimentary course for Premium Members, Team Accounts, and Qualified Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This tutorial will discuss the log-in process using WhizBase. In this article I assume you already know HTML. I will write the code using WhizBase Server Pages, so you need to know some basics in WBSP (you might look at some of my other articles abo…
In threads here at EE, each comment has a unique Identifier (ID). It is easy to get the full path for an ID via the right-click context menu. However, we often want to post a short link within a thread rather than the full link. This article shows a…
Learn the basics of modules and packages in Python. Every Python file is a module, ending in the suffix: .py: Modules are a collection of functions and variables.: Packages are a collection of modules.: Module functions and variables are accessed us…
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …

695 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question