[1734] in WWW Security List Archive
Re: User Auth.
daemon@ATHENA.MIT.EDU (Michael Brennen)
Wed Mar 27 02:14:34 1996
Date: Tue, 26 Mar 1996 22:40:59 -0600 (CST)
From: Michael Brennen <mbrennen@fni.com>
To: Nathan Neulinger <nneul@umr.edu>
cc: "S.W. Cheung" <swcheung@hkimd.cig.mot.com>, www-security@ns2.rutgers.edu
In-Reply-To: <v02130501ad7db80d4646@[131.151.253.33]>
Errors-To: owner-www-security@ns2.rutgers.edu
On Tue, 26 Mar 1996, Nathan Neulinger wrote:
> At 8:38 PM 3/26/96, S.W. Cheung wrote:
> >Dear All,
> >
> >I got a question about User Auth. How can I force or allow my users to
> >"logout" without quitting the client?
>
> Unfortunately, all the browsers seem to have the buttheaderd notion that
> you'd never want to do this... Makes them completely unsuitable for a
> shared lab environment.
>
> I've suggested a "Unauthenticate" menu option to netscape many times, but
> it's not like they ever listen to users.
A little experimentation turned up these results (Win 3.1 versions).
MSIE, under View / Security / Basic Authentication has the option to
forget passwords.
Clearing the memory cache in Netscape 1.22 does not clear the cached
passwords. In 2.01, clearing memory cache *does* clear cached passwords.
NCSA Mosaic 2.1 does not forget passwords when clearing memory cache.
-- Michael
