If you can code in all your pages a line:

<meta http_equiv="refresh" content="1800:URL=login">
Any screen left untouched for 1800 seconds will send the user to the login page.
Matt.Haas@xxxxxxxxxxx wrote:

I know I got this to work at one point (I can't find what I was messing
with) but for what you're doing, it would probably be better to ditch
basic authentication (which doesn't have anything built in to expire
logins) and roll your own. There are two ways you can do that. The first
(and likely hardest) would be to write a plug-in to make basic auth do
what you want. This program needs to be multi-threaded which rules RPG
out. You may be able to find something for Apache 2.0 on another OS that
can be ported over.

The second way you can do this is to come up with your own
authentication scheme and make everything understand it. For static
pages, you'd need to pull in a program via an SSI that checks to see if
the user is logged in with a valid session or not. You'll end up needing
to created a session id and it's easiest to store it in a cookie. What I
did is create a file that holds session information in it. When a
session id is generated, I put it and a timestamp in the table (the
session ID is a GUID that I hash with some other values so there ends up
being more in that table to I can verify the session ID hasn't been
tampered with). Every time I need to check to see if it's still valid,
it's a simple lookup to see if the current time is less than the
timestamp. If not, they get redirected to the login page. This also
makes it easy to log in and out of the site.

Matt

-----Original Message-----
From: web400-bounces@xxxxxxxxxxxx [mailto:web400-bounces@xxxxxxxxxxxx]
On Behalf Of cozzi@xxxxxxxxx
Sent: Wednesday, March 29, 2006 9:49 AM
To: Web Enabling the AS400 / iSeries
Subject: Re: [WEB400] Authenticate "on demand"

  Got it to ask for the user id and password.
  Great.
  But it seems to be requiring it to be entered 3 times before it takes
it,
  but even then it still doesn't sing off the prior sign-on user id.
:(
-BOb

    -------- Original Message --------
    Subject: Re: [WEB400] Authenticate "on demand"
    From: Matt.Haas@xxxxxxxxxxx
    Date: Wed, March 29, 2006 8:12 am
    To: <web400@xxxxxxxxxxxx>

    That looks right. I just hit a site using basic auth that we have
and
    here's the headers I got back:

    HTTP/1.1 401 Authorization Required
    Accept-Ranges: bytes
    Content-Type: text/html; charset=ISO-8859-1
    Connection: close
    Date: Wed, 29 Mar 2006 14:08:20 GMT
    WWW-Authenticate: Basic realm="Customer_Service"
    Server: Apache/2.0.52 (iSeries)
    Content-Length: 975

    I don't know if order makes any difference or not.

    Matt

    -----Original Message-----
    From: web400-bounces+matt.haas=thomson.com@xxxxxxxxxxxx
    [mailto:web400-bounces+matt.haas=thomson.com@xxxxxxxxxxxx] On
Behalf Of
    Bob Cozzi
    Sent: Tuesday, March 28, 2006 10:00 PM
    To: 'Web Enabling the AS400 / iSeries'
    Subject: Re: [WEB400] Authenticate "on demand"

    Matt,
    Are you suggesting that I send something like the following:

    Status 401 Unauthorized
    WWW-Authenticate: Basic realm="cPanel"
    Connection: close

    -Bob

    -----Original Message-----
    From: web400-bounces@xxxxxxxxxxxx
[mailto:web400-bounces@xxxxxxxxxxxx]
    On
    Behalf Of Matt.Haas@xxxxxxxxxxx
    Sent: Tuesday, March 28, 2006 3:42 PM
    To: web400@xxxxxxxxxxxx
    Subject: Re: [WEB400] Authenticate "on demand"

    Bob,

    If you are using basic authentication, you'll need to send an
    Authenticate HTTP header to get the browser to pop up the
authentication
    dialog.

    Matt

    -----Original Message-----
    From: web400-bounces@xxxxxxxxxxxx
[mailto:web400-bounces@xxxxxxxxxxxx]
    On Behalf Of cozzi@xxxxxxxxx
    Sent: Tuesday, March 28, 2006 2:01 PM
    To: Web Enabling the AS400 / iSeries
    Subject: [WEB400] Authenticate "on demand"

      I need to have users log onto the 400 via a web page.
      Got that working fine... authentication does it.
But if they sit there for more than 30 minutes, I need to have
the
      authentication expire and when they go to another page, "force"
them
    to
      sign on again.
I've tried several HTTP Headers, but nothing seems to force them
to
      re-signon.
Any ideas? -Bob Cozzi




As an Amazon Associate we earn from qualifying purchases.

This thread ...

Follow-Ups:
Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.