rejetto forum

CONNECTIVITY TIMEOUT

0 Members and 1 Guest are viewing this topic.

Offline bkkranj

  • Occasional poster
  • *
    • Posts: 5
    • View Profile
Doesn't seem to be working. Connection is kicked after 60 seconds. But user can still browse through tree.

I am trying to acchive, that when use is inactive for 60 sec. he must log in again.

Please help. Thank you in advance.


Offline bkkranj

  • Occasional poster
  • *
    • Posts: 5
    • View Profile

Offline Foggy

  • Tireless poster
  • ****
    • Posts: 806
    • View Profile
I think that it has to do with the rowser remembering the log in data from when you first logged in so if you log in and close the browser let it time out then try in a new browser window you should have to log in again


Offline bkkranj

  • Occasional poster
  • *
    • Posts: 5
    • View Profile
Yes, that works just fine. But what about whenever user stays connected and doesn't leave browser.
Inspite of inactivity, he is able to browse through files after let's say 1 hour.

It could happen, that user forgets to close browser windows on a public accesed machine.
« Last Edit: May 10, 2007, 12:38:34 PM by bkkranj »


Offline Foggy

  • Tireless poster
  • ****
    • Posts: 806
    • View Profile
Im not sure what can be done besides closing the browser window because HFS does what its supposed to be doing and disconecting after 60 seconds but the browser remembers the login data and logs back in when a page is requested and login is needed. There might be some way around it but I dont think there is because it is the browser making the problem not hfs.


Offline MarkV

  • Tireless poster
  • ****
    • Posts: 764
    • View Profile
http://en.wikipedia.org/wiki/Basic_authentication_scheme

Sadly, there is no way to force a browser to abandon the cached credentials. You can even cache them forever so you don't have to enter them ever again.

The connectivity timout feature is only existant to close established connections after some time, in the case the client doesn't so by itself. But this does NOT clear the login data!


MarkV
http://worldipv6launch.org - The world is different now.


Offline bkkranj

  • Occasional poster
  • *
    • Posts: 5
    • View Profile
Thanx anyway.

Hoping that this would be able in the future. This is serious security threat.  :-\


Offline rejetto

  • Administrator
  • Tireless poster
  • *****
    • Posts: 13523
    • View Profile
HFS in the future will use a different authentication system, but don't wait for it, i may not live that long :)