Re: mod_plsql / logmeoff problem

Jeremy wrote:
> Hi folks, got a problem with the "logmeoff" function of mod_plsql
>
> You can, if you prefer, simply jmp to the QUESTION at then end.
>
> We are using basic authentication and the user has to enter an Oracle
> username/password to access the app.
>
> If the host is say
>
> http://myhost
>
> Then to log off you can type in
>
> http://myhost/pls/admin/logmeoff
>
> and that should tell the browser you are no longer allowed to access the
> same server/path without re-authenticating.
>
> But it doesn't seem to work properly - I get the message "You have been
> successfully deauthenticated" and next time I try to access the app I
> get prompted for a username and password. However if I just hit Esc to
> the challenge and get the "Authorization required" page and then simply
> hit refresh and the page loads OK.
>
> Other times, if I try to re-authenticate using a different
> username/password it appears to accept those but *actually continues* as
> if logged in as the previously logged-in user.
>
> Othertimes the logmeoff just doesn't appear to have worked at all - get
> the message telling you all is OK but immediately are able to carry on
> working in the app without any re-authentication.
>
> Inconsistent behaviour on different browsers too I think.
>
> QUESTION: does anyone have the (mod_plsql) logmeoff "procedure" (for I
> know that it isn't a true database procedure) successfully implemented?
> If so can you share any tips? I have looked at a couple of articles on
> asktom and believe I am doing things correctly...
>
> cheers
>
>

It works as advertised, unless you have a large cache (you do not start new transactions, then).
Do not know what browser you tested, but change the options as not to rely on the cached page, but check the page every time the page is visited.

For firefox, there's an instant cookie editor - you can see the cookie being set/unset

-- 
Regards,
Frank van Bortel