rejetto forum
Software => HFS ~ HTTP File Server => Topic started by: bkkranj on May 10, 2007, 09:04:26 AM
-
Doesn't seem to be working. Connection is kicked after 60 seconds. But user can still browse through tree.
I am trying to acchive, that when use is inactive for 60 sec. he must log in again.
Please help. Thank you in advance.
-
I am using ver. 2.1d
-
I think that it has to do with the rowser remembering the log in data from when you first logged in so if you log in and close the browser let it time out then try in a new browser window you should have to log in again
-
Yes, that works just fine. But what about whenever user stays connected and doesn't leave browser.
Inspite of inactivity, he is able to browse through files after let's say 1 hour.
It could happen, that user forgets to close browser windows on a public accesed machine.
-
Im not sure what can be done besides closing the browser window because HFS does what its supposed to be doing and disconecting after 60 seconds but the browser remembers the login data and logs back in when a page is requested and login is needed. There might be some way around it but I dont think there is because it is the browser making the problem not hfs.
-
http://en.wikipedia.org/wiki/Basic_authentication_scheme
Sadly, there is no way to force a browser to abandon the cached credentials. You can even cache them forever so you don't have to enter them ever again.
The connectivity timout feature is only existant to close established connections after some time, in the case the client doesn't so by itself. But this does NOT clear the login data!
MarkV
-
Thanx anyway.
Hoping that this would be able in the future. This is serious security threat. :-\
-
HFS in the future will use a different authentication system, but don't wait for it, i may not live that long :)