Forum Moderators: phranque
Although this authentication is required for any page within the directory, Browsers will only prompt users once per session, then seemlessly use the same credentials for subsequent requests.
I want to provide a "logout" link on the site. Once the user selects this, what do I need to do, on my client side to tell the browser to "log" the user out. Presumably there is a piece of standard code recognised by all browsers for this very function. Ideally I'd like a simple HTML solution (no other feature of the site relies on Javascript), but at the moment I can't find any info on this simple task.
BTW, In case it's relevant I am using Perl for my server side scripting.
This is because of the way that Basic Auth works: Your server tells the browser, using a 401 response, that auth is required. The browser prompts the user for a username/password pair. The browser then sends that username/password pair with every subsequent request to the auth domain you specified when setting up the Basic auth.
The reason this mechanism is implemented this way is that HTTP is a stateless protocol. Each and every HTTP request exists on its own; Neither the server nor the client (e.g. browser) 'tracks' any kind of 'state' or 'session' information from request to request. So the server has no memory or knowledge of any request(s) before or after the one it is currently serving.
If you really need to have better auth control, you can use a session-aware scripted solution 'above' Apache -- one that uses session cookies or query strings on URLs to track the state of the current user session.
Jim
