Billy Posted December 21, 2003 Share Posted December 21, 2003 I've used "web protect" to restrict access to a subdirectory on my website. I've noticed, though, that every browser I use stores a cookie that has the userid and (encrypted) password to get past .htaccess the next time around. I want to disable that, but from the server side of things. I'm aware that disabling cookies on browsers would do the same thing, but that's just not practical in this case. Is there something I can do? Thanks, Billy Quote Link to comment Share on other sites More sharing options...
surefire Posted December 22, 2003 Share Posted December 22, 2003 Are you saying you want to force users to type a login rather than getting straight through on subsequent visits? I'm not sure I understand what you're trying to accomplish. Quote Link to comment Share on other sites More sharing options...
Billy Posted December 22, 2003 Author Share Posted December 22, 2003 Yes, that's what I want to do. It's not so much of a security issue; its a matter of insuring my boss and others that the information is safe from "predators." The mental effect of having to type your password and username everytime is valuable in this respect , even though it would be annoying to me. Am I able to do something like this? Quote Link to comment Share on other sites More sharing options...
surefire Posted December 23, 2003 Share Posted December 23, 2003 I would use a session that dies when the browser is closed or a certain amount of time passes. If you want the session to die if they leave your site for even a second then you'll have to incorporate a client side mechanism (javascript) to kill the session. If you're going to write your own code, I'd consider checking out PatUser in order to get you moving in the right direction. I haven't used it personally but plan to. I've written my own code and it's a lot easier to go with someone else's work. Best of luck to you. Hope these ideas help. Quote Link to comment Share on other sites More sharing options...
Billy Posted January 5, 2004 Author Share Posted January 5, 2004 Thanks for your help, TCH-Jack! TCH rocks. Quote Link to comment Share on other sites More sharing options...
stevesh Posted January 6, 2004 Share Posted January 6, 2004 I've had the same situation, with bosses who worry about "those people on the Internet" entering our site. A little knowledge is a dangerous thing. If you put the following in the <head> of your page, it will prevent the browser from caching the page, and the user will have to re-enter his user name and password each browser session. If he keeps his browser open, he can leave the page and come back without re-entering that info. If you need to stop that, you'll need some kind of script. <meta http-equiv="expires" content="-1"> <meta http-equiv="Pragma" content="no-cache"> This works (for my pages, anyway) in both IE6 and Netscape. Steve Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.