WebApp Sec mailing list archives

Re: Browser refresh sends username/password after log out -- URGENT
From: "Jim McGarvey" <mcga0031 () umn edu>
Date: Wed, 6 Aug 2003 08:44:15 -0700


More clearly the issue here is also that:

1.) We login using username/password

Hi Krk, could you please clarify which type of authentication you are using
to make sure we're not missing something obvious.

Are you using form-based authentication or HTTP authentication?  Form-based
authentication is when you have a login page for your application containing
a FORM with INPUT tags for the username and password.  HTTP authentication
typically protects an entire directory and the user's web browser will
pop up a login message box where they enter their username and password.

Most of the responses to your question have assumed that you are using
form-based authentication, because your initial e-mail stated that as the
problem occurred you received the message "Press retry to send it again,"
assuming this was happening when you were trying to resend the first login
page, not the 7th page.  But if you get this message on the 7th page, then
perhaps you aren't using form-based authentication to begin with.

If you use form-based authentication, then I would say what's been said so
far is pretty accurate.  If you use HTTP authentication, that changes
things.  That would explain why you see your username and password get sent
again when refreshing the logout page... or any of the application pages for
that matter, since basic HTTP authentication will typically resend your
username and password with each request.

Regards,
-Jim

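As an added illustration (not code from this thread), the two flows Jim contrasts, modelled as a minimal server-side request handler with constructed credentials: a form-based session the server can revoke on logout, beside HTTP Basic credentials, which arrive in an Authorization header on every request and which a logout page has nothing server-side to revoke. The user store, session store and header-building helper are assumptions for the demo.

```python
import base64
import hmac
import secrets

# Constructed demo credential store; real code would store a password hash.
USERS = {"alice": "correct horse battery staple"}
SESSIONS = {}  # form-based flow: session id -> username, revocable on logout

def basic_header(user, password):
    # The value a browser caches and resends with every request to the realm.
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()

def parse_basic_header(value):
    # Return (user, password) from a Basic header, or None if it is not one.
    scheme, _, encoded = value.strip().partition(" ")
    if scheme.lower() != "basic" or not encoded:
        return None
    try:
        decoded = base64.b64decode(encoded, validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None
    user, sep, password = decoded.partition(":")  # split on the first colon only
    return (user, password) if sep else None

def check_password(user, password):
    # Constant-time comparison; the "" fallback keeps timing uniform for unknown users.
    expected = USERS.get(user, "")
    return user in USERS and hmac.compare_digest(expected.encode(), password.encode())

def form_login(user, password):
    # Form-based login: on success mint a session id the server owns and can drop.
    if not check_password(user, password):
        return None
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = user
    return sid

def logout(sid):
    SESSIONS.pop(sid, None)  # the only thing a logout can revoke is server-side state

def handle_request(headers):
    sid = headers.get("Cookie", "").removeprefix("sid=")
    if sid in SESSIONS:
        return SESSIONS[sid]
    creds = parse_basic_header(headers.get("Authorization", ""))
    if creds and check_password(*creds):
        # No server-side state separates a fresh login from a cached header the
        # browser resends on refresh, so a user who "logged out" is still accepted.
        return creds[0]
    return None
```

After `logout`, a refresh carrying the session cookie is rejected, while a refresh carrying the cached Basic header is accepted again, which is exactly the behaviour the thread describes.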
