The problems you mentioned with database authentication are exactly the
reasons we are not using it. We use cookies to do the authentication and
session mangement. Its been working fine for 3 years now.
Karl Keyte <karl_at_koft.com> wrote in message
news:379C8400.57B60BB_at_koft.com...
> A question regarding Oracle Web Server and its interaction with pages
> requiring authentication...
>
> When a page requires authentication, something is sent back in the HTTP
> (presumably) to get the browser to prompt for a username & password.
> The problem is that this is then cached and never requested again unless
>
> the browser is restarted.
>
> Is there anyway to effect a 'log-off' so that a re-authentication can be
> made?
> There seems to be a security problem otherwise in that a different user
> can
> use the same browser session to access someone else's data. Also, the
> page history is maintained so that a new user can jump directly into
> another
> person's session.
>
> Is there no option for using cookies and providing a true log-out style
> mechanism?
>
> What approach has anyone else taken for prompting for usernames and
> passwords?
>
> Please e-mail me back at: karl_at_koft.com.
>
> Many thanks for your help.
>
> Karl
>
>
Received on Thu Jul 29 1999 - 01:05:42 CDT
