[1732] in WWW Security List Archive
Re: User Auth.
daemon@ATHENA.MIT.EDU (Jeff Hostetler)
Wed Mar 27 00:03:53 1996
From: jeff@spyglass.com (Jeff Hostetler)
To: "Larry J. Hughes Jr." <hughes@indiana.edu>
Cc: nneul@umr.edu (Nathan Neulinger),
"S.W. Cheung" <swcheung@hkimd.cig.mot.com>,
www-security@ns2.rutgers.edu, jeff@fido.spyglass.com
In-Reply-To: (Your message of Tue, 26 Mar 96 14:22:49 EST.)
<199603261922.OAA25267@bodhi.it.iupui.edu>
Date: Tue, 26 Mar 96 18:16:54 -0600
Errors-To: owner-www-security@ns2.rutgers.edu
> #I've suggested a "Unauthenticate" menu option to netscape many times, but
> #it's not like they ever listen to users.
Spyglass has had this feature for over a year. From a dialog available
from the menu bar, you can flush the password cache. You can also disable
password cacheing completely, if you want.
> Better yet, integrate this functionality into HTTP so the server
> can optionally request that the browser not cache the user's
> password. ....
I've also been experimenting with a server version. An HTTP header
of the form:
FlushAuthenticationCache: Basic realm=foobar
Which lets the server ask the browser that the cache for the given
realm and authentication method.
Thoughts ??
jeff
