Msg#: 4416815 posted 5:39 pm on Feb 12, 2012 (gmt 0)
I have a webpage that is password protected via .htaccess .htusers the problem i have is that if you log into the page the come out of it and follow the link back in it allows access without asking for the username and password i would like to stop this .
Msg#: 4416815 posted 6:16 pm on Feb 13, 2012 (gmt 0)
This is not a caching problem. What keeps the user logged in, and "connected" to the site, separate from other users? A cookie. Without other options,this is a session cookie that dies only after you close the browser. Solution: modify your login scheme to allow the cookie to expire, or, create a logout scheme that deletes the cookie.
Msg#: 4416815 posted 5:00 pm on Feb 14, 2012 (gmt 0)
Cookies are your friend, they're what keep you connected to the website. When you place an item in a cart, that's what is keeping you connected to YOUR cart, a cookie. It's what's keeping you logged in to this site. Even PHP sessions use the PHPSESSID cookie. They get a bad rap because of the attempts at abuse, but generally they are a harmless bit of info and as programmers we'd be pretty much lost without them (although, you should always program for ways to handle connections should they be disabled.)
Cookies set for auth methods in .htaccess are generally session cookies (die when the browser closes) but if you dig through the documentation I'm **pretty sure** there's a way to set their life, make them persistent, and un-set them.
Msg#: 4416815 posted 5:31 pm on Feb 14, 2012 (gmt 0)
HUmmm that sort of defeats the object they need to die the instant you come out of the page in question this makes life very hard indeed . In that case i need to look at it from a differnet angle once a user has accessed the page in question one time they will no longer get in again a one time password