Password protection

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

I have a password protected subweb, to get in you need the user and password. This works great, except that if you stay on the site you can still get in to this web. as long as you keep the browser open you can keep going in. Is there any way to change this, so when they leave the area they need to have user and password again? Need help please.
 
-----Original Message-----
I have a password protected subweb, to get in you need
the user and password. This works great, except that if
you stay on the site you can still get in to this web.
as long as you keep the browser open you can keep going
in. Is there any way to change this, so when they leave
the area they need to have user and password again? Need
help please.
Click to expand...

No, you can't log the visitor out when he or she browses
a different site. The reason is that the Web server has
no idea that the visitor has moved on. If, for example,
the visitor logs into your site, then browses a site from
his or her Favorites list, and then hits the Back button
to return to your site, your Web server has no way of
knowing this.

You *can* catch some cases of visitors wandering off and
back: for example, you could have all outside links in
your site run a logoff program that upon success
redirects the visitor elsewhere. But this won't catch a
visitor who chooses another site from the Favorites list,
or who hand-types another URL.

You could also check the HTTP-Referrer header to verify
that each request in your site came from another page in
your site. If not, you could force a new login. But this
wouldn't catch visitors who resume an interrupted session
by using the Back button.

And of course, visitors can always wander off to another
site by opening a new browser window.

As a result of all these loopholes, most sites drop
logins based on time rather than based on browsing
another site. If, for example, a visitor goes 30 minutes
without requesting a page from your site, then the login
becomes invalid.

Jim Buyens
Microsoft FrontPage MVP
http://www.interlacken.com
Author of:
*----------------------------------------------------
|\---------------------------------------------------
|| Microsoft Office FrontPage 2003 Inside Out
|| Microsoft FrontPage Version 2002 Inside Out
|| Web Database Development Step by Step .NET Edition
|| Troubleshooting Microsoft FrontPage 2002
|| Faster Smarter Beginning Programming
|| (All from Microsoft Press)
|/---------------------------------------------------
*----------------------------------------------------
 
Back
Top