I know I got this to work at one point (I can't find what I was messing
with) but for what you're doing, it would probably be better to ditch
basic authentication (which doesn't have anything built in to expire
logins) and roll your own. There are two ways you can do that. The first
(and likely hardest) would be to write a plug-in to make basic auth do
what you want. This program needs to be multi-threaded which rules RPG
out. You may be able to find something for Apache 2.0 on another OS that
can be ported over.

The second way you can do this is to come up with your own
authentication scheme and make everything understand it. For static
pages, you'd need to pull in a program via an SSI that checks to see if
the user is logged in with a valid session or not. You'll end up needing
to created a session id and it's easiest to store it in a cookie. What I
did is create a file that holds session information in it. When a
session id is generated, I put it and a timestamp in the table (the
session ID is a GUID that I hash with some other values so there ends up
being more in that table to I can verify the session ID hasn't been
tampered with). Every time I need to check to see if it's still valid,
it's a simple lookup to see if the current time is less than the
timestamp. If not, they get redirected to the login page. This also
makes it easy to log in and out of the site.

Matt

-----Original Message-----
From: web400-bounces@xxxxxxxxxxxx [mailto:web400-bounces@xxxxxxxxxxxx]
On Behalf Of cozzi@xxxxxxxxx
Sent: Wednesday, March 29, 2006 9:49 AM
To: Web Enabling the AS400 / iSeries
Subject: Re: [WEB400] Authenticate "on demand"

   Got it to ask for the user id and password.
   Great.
   But it seems to be requiring it to be entered 3 times before it takes
it,
   but even then it still doesn't sing off the prior sign-on user id.
:(
    
   -BOb

    

     -------- Original Message --------
     Subject: Re: [WEB400] Authenticate "on demand"
     From: Matt.Haas@xxxxxxxxxxx
     Date: Wed, March 29, 2006 8:12 am
     To: <web400@xxxxxxxxxxxx>

     That looks right. I just hit a site using basic auth that we have
and
     here's the headers I got back:

     HTTP/1.1 401 Authorization Required
     Accept-Ranges: bytes
     Content-Type: text/html; charset=ISO-8859-1
     Connection: close
     Date: Wed, 29 Mar 2006 14:08:20 GMT
     WWW-Authenticate: Basic realm="Customer_Service"
     Server: Apache/2.0.52 (iSeries)
     Content-Length: 975

     I don't know if order makes any difference or not.

     Matt

     -----Original Message-----
     From: web400-bounces+matt.haas=thomson.com@xxxxxxxxxxxx
     [mailto:web400-bounces+matt.haas=thomson.com@xxxxxxxxxxxx] On
Behalf Of
     Bob Cozzi
     Sent: Tuesday, March 28, 2006 10:00 PM
     To: 'Web Enabling the AS400 / iSeries'
     Subject: Re: [WEB400] Authenticate "on demand"

     Matt,
     Are you suggesting that I send something like the following:

     Status 401 Unauthorized
     WWW-Authenticate: Basic realm="cPanel"
     Connection: close

     -Bob

     -----Original Message-----
     From: web400-bounces@xxxxxxxxxxxx
[mailto:web400-bounces@xxxxxxxxxxxx]
     On
     Behalf Of Matt.Haas@xxxxxxxxxxx
     Sent: Tuesday, March 28, 2006 3:42 PM
     To: web400@xxxxxxxxxxxx
     Subject: Re: [WEB400] Authenticate "on demand"

     Bob,

     If you are using basic authentication, you'll need to send an
     Authenticate HTTP header to get the browser to pop up the
authentication
     dialog.

     Matt

     -----Original Message-----
     From: web400-bounces@xxxxxxxxxxxx
[mailto:web400-bounces@xxxxxxxxxxxx]
     On Behalf Of cozzi@xxxxxxxxx
     Sent: Tuesday, March 28, 2006 2:01 PM
     To: Web Enabling the AS400 / iSeries
     Subject: [WEB400] Authenticate "on demand"

       I need to have users log onto the 400 via a web page.
       Got that working fine... authentication does it.
        
       But if they sit there for more than 30 minutes, I need to have
the
       authentication expire and when they go to another page, "force"
them
     to
       sign on again.
        
       I've tried several HTTP Headers, but nothing seems to force them
to
       re-signon.
        
       Any ideas?
        
       -Bob Cozzi


As an Amazon Associate we earn from qualifying purchases.

This thread ...

Follow-Ups:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.