posted 19 years ago
Hi,
I'm new at using the HTTP request authorization header for user authentication, so please bear through this newbie question.
I know I can pop-up an authenticate window in a browser session with the following code snippet:
public void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
//...
response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
response.setHeader("WWW-Authenticate", "BASIC realm=\"privileged-user\"");
//...
}
I also know how to parse to returning username and password to authenticate the request. So this is okay.
However, I do not know is how to log out of this authorized session without closing the browser. Well, that's not entirely true. I do seem to be able to log out by resending those two response headers, but I get a problem where the first authentication window that pops up won't accept an appropriate username and password. If I cancel the first request, then try to return to the site, the next authentication window responds as expected.
So I'm a little confused at what I'm doing wrong. Any suggestions?
Thanks,
- Greg.