Ravens PHP Scripts: Forums
Bulldog (New Member)
Joined: Feb 03, 2005
Posts: 10

Posted: Sun Feb 06, 2005 5:56 pm

Is there a way to automatically dump the cookies from visits to the admin sections?

For example: I have set up the .htaccess and .staccess with http auth on. When I try to connect to the admin page I am properly challenged. I enter the correct username and password and I am able to connect to the admin log in screen. After entering the proper username and password, I enter the site administration area as expected. I do what I need to do and log out.

Now after a while, I decide I need to go back into the administration area again. So when I click on the administration link, I am not challenged by the http auth this time. I go directly to the site admin log in screen.

I believe this is because of a cookie being still resident on my machine. If I dump my cookies, I am properly challenged by http auth.

So is there a way I can have the cookies (which deal with the http auth) automatically dump when I click "log out"?
PHrEEkie (Subject Matter Expert)
Joined: Feb 23, 2004
Posts: 358

Posted: Sun Feb 06, 2005 6:28 pm

I've always used my HTTP auth server-side... what you are describing is proper behavior for ONE browser session. If you maintain the same browser window and log in to the Admin area (after already having been there and been challenged once), it shouldn't challenge you again (this is by design, otherwise you'd be challenged for every single page viewed in the Admin area). If you close that browser, open a new one and then try to access the Admin area, you should be challenged again.

If you are able to open a new browser and NOT be challenged again, that would mean a domain cookie is being set, like a Nuke cookie remains valid even with new browsers being initialized. That's NOT good, and that's not HTTP auth server-side standard. There are clear differences between a domain cookie and HTTP auth, the biggest difference being one is normally good for any browser session and instead expires after a certain date, the other expiring at the end of a browser session.

PHrEEk

_________________
PHP - Breaking your legacy scripts one build at a time. 
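
Added example, not part of the thread or of NukeSentinel's code: a small Python check for telling the two cases above apart from captured headers, i.e. whether an unchallenged admin request was let through because the browser replayed HTTP auth credentials or because it sent a cookie that outlives the browser session. The cookie names, header values and the function names `cookie_lifetime` and `why_not_challenged` are constructed for illustration.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

def cookie_lifetime(set_cookie, now):
    """Classify a Set-Cookie value as 'session', 'persistent' or 'deleted'."""
    max_age = expires = None
    for attr in set_cookie.split(";")[1:]:
        key, _, value = attr.strip().partition("=")
        if key.lower() == "max-age":
            try:
                max_age = int(value)
            except ValueError:
                pass
        elif key.lower() == "expires":
            try:
                expires = parsedate_to_datetime(value.strip())
            except (TypeError, ValueError):
                pass
    if max_age is not None:           # Max-Age takes precedence over Expires
        return "persistent" if max_age > 0 else "deleted"
    if expires is not None:
        if expires.tzinfo is None:
            expires = expires.replace(tzinfo=timezone.utc)
        return "persistent" if expires > now else "deleted"
    return "session"                  # no expiry: dropped when the browser closes

def why_not_challenged(request_headers, lifetimes):
    """Explain an unchallenged admin request from its headers.
    lifetimes maps cookie name -> cookie_lifetime() result recorded earlier."""
    h = {k.lower(): v for k, v in request_headers.items()}
    if h.get("authorization", "").lower().startswith("basic "):
        return "http-auth"            # browser replayed credentials it cached
    names = [p.split("=", 1)[0].strip()
             for p in h.get("cookie", "").split(";") if p.strip()]
    if any(lifetimes.get(n) == "persistent" for n in names):
        return "persistent-cookie"    # survives a browser restart
    return "session-cookie" if names else "none"

# Constructed sample data (hypothetical cookie names and values).
NOW = datetime(2005, 2, 6, 23, 56, tzinfo=timezone.utc)
SET_COOKIES = {
    "example_admin": "example_admin=abc; Expires=Mon, 06 Feb 2006 23:56:00 GMT; Path=/",
    "example_sid": "example_sid=xyz; Path=/",
}
LIFETIMES = {n: cookie_lifetime(v, NOW) for n, v in SET_COOKIES.items()}

if __name__ == "__main__":
    print(LIFETIMES)
    print(why_not_challenged({"Cookie": "example_admin=abc"}, LIFETIMES))
```

A "persistent-cookie" result on a request made from a freshly opened browser corresponds to the domain-cookie case described in the reply above.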
All times are GMT - 6 Hours