Re: mod_plsql LOGMEOFF -- how does it work?

From: Mark C. Stock <mcstockX_at_Xenquery>
Date: Sat, 5 Mar 2005 00:30:23 -0500
Message-ID: <Jt-dnXyNdJBv3rTfRVn-qA_at_comcast.com>

[Quoted] "Thomas Kyte" <thomas.kyte_at_oracle.com> wrote in message news:119986625.0000629b.040_at_drn.newsguy.com...
> In article <4KudnYNUZqcXObXfRVn-sQ_at_comcast.com>, Mark C. Stock says...
>>
>>when user mod_plsql, appending LOGMEOFF to a DAD clears the browser's
>>credentials
>>
>>does anybody know how this is done (what HTML headers might be sent?)??
>>
>>i need to do this in a non-oracle PHP app, and i can't find any references
>>to how this is possible without having the browser prompt for new
>>credentials, yet somehow mod_plsql is accomplishing it
>>
>>++ mcs
>>
>>
>
>
> flashback to a time long long ago....
>
> I wrote logmeoff :)
>
> http://asktom.oracle.com/~tkyte/owarepl/doc/dbauth.html#logoff
>
> don't try to use the code there (was for the old OWS 2.1 version -- before
> iAS
> 10g, iAS 9i, owas 4.0, owas 3.0 there was ows 2.1 and 2.0 and ois 1.0.
> this
> dates back that far...)
>
>
> --
> Thomas Kyte
> Oracle Public Sector
> http://asktom.oracle.com/
> opinions are my own and may not reflect those of Oracle Corporation

thanks tom, but how's it actually work, if you can let us know...

the link states:

<snip>
What we need to do is trick the browser into remembering a 'bad' username/password pair for a given Realm/Host/Port. We do this in the cartridge (or cgi-bin) application by recognizing a special URL, 'LogMeOff'. In order to log off you will:

http://YourHost:YourPort/YourDCDName/owa/LogMeOff

This will alway cause the cartridge to fail authentication (unless the magic username is used). It will not attempt to log in or do anything in the database, it will just fail the authentication.

This will cause the browser to pop up the basic authentication dialog. No matter what combination of username/password you put in, it will fail at this point (unless the magic username is used). </snip>

[Quoted] I notice that in 10gAS (and, as I recall, in 9iAS) the authentication dialog does not pop up (I assume it did in earlier releases).

In my HTML code, if I just send the 401 and www-Authenticate headers, the dialog pops up. What headers do you guys send in 10g to just get the browser to clear its credentials without popping of the dialog? (or if that sounds like a request for proprietery information, may I rephrase it as "What headers do you think probably need to be sent....")

Thanks for your input.

++ mcs Received on Sat Mar 05 2005 - 06:30:23 CET

This message: [ Message body ]
Next message: Frank van Bortel: "Re: Version control of Oracle Stored Objects."
Previous message: fitzjarrell_at_cox.net: "Re: Version control of Oracle Stored Objects."
Maybe in reply to: Mark C. Stock: "mod_plsql LOGMEOFF -- how does it work?"
In reply to Thomas Kyte: "Re: mod_plsql LOGMEOFF -- how does it work?"
Next in thread: Frank van Bortel: "Re: Version control of Oracle Stored Objects."
Reply: Thomas Kyte: "Re: mod_plsql LOGMEOFF -- how does it work?"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message