password protected directory browsing

Hello-

I've got a directory that is password protected (hosted on XO comm site,
where they use an .htaccess file).

When I navigate out of the directory, and then back into it, I don't have to
re-enter my password. I would like to force the user to reenter the password
every time they try to enter the directory . Once they're in the directory,
then they should not have to re-enter the password as long as they don't
leave the directory and re-enter it.

Also, if idle for a while (let's say 10 minutes), is there a way to
automatically reload the page and ask for a password? is this done simply
with a meta refresh tag?

The pages are .shtml pages, but I don't think that enters into the equation.

-Elio

That is how the .htaccess is supposed to function, in that it does not
require the person to login mutliple times.

I would think that what you want to implement will be hated by your client.

--
Regards

Paul Whitham
Valleybiz Internet Design
www.valleybiz.net

Team Macromedia Volunteer for Ultradev/Dreamweaver MX
www.macromedia.com/support/forums/team_macromedia
"Elio Gizzi" <valelio (AT) ix (DOT) netcom.com> wrote

Quote:

Hello-

I've got a directory that is password protected (hosted on XO comm site,
where they use an .htaccess file).

When I navigate out of the directory, and then back into it, I don't have
to
re-enter my password. I would like to force the user to reenter the
password
every time they try to enter the directory . Once they're in the
directory,
then they should not have to re-enter the password as long as they don't
leave the directory and re-enter it.

Also, if idle for a while (let's say 10 minutes), is there a way to
automatically reload the page and ask for a password? is this done simply
with a meta refresh tag?

The pages are .shtml pages, but I don't think that enters into the
equation.

-Elio

Paul-

I agree, but that is what the client wants, believe it or not.

My guess is that I need a database driven site that keeps track of sessions,
which is way beyond this project.

Thanks for the input.

-Elio

that was my thought- and why i kept quiet. Did a quick search of basic
authentication and didn't find anything to expire a login.

in short- when folks log in they are "in" until they close the browser or
restart their machines.

may be a case of edumacatin the client maybe?

Quote:

Paul-

I agree, but that is what the client wants, believe it or not.

My guess is that I need a database driven site that keeps track of sessions,
which is way beyond this project.

Thanks for the input.

-Elio

--
Team Macromedia Volunteer for Dreamweaver
Certified Dreamweaver MX Developer

You don't need to track sessions but you will need a datasource that
replicates the Users.txt file used in .htaccess.

Most login routines (such as the one in DMX) set up a session variable, and
then test for it on the pages that you want to restrict.

To implement what your client wants all you would need to do is to destroy
the session variable on any page outside of the restricted area with a line
of code like

<%session.abandon%>

Then when they try to go back into a restricted page they will be required
to login again. Be warned though that this code will destroy all sessions.


--
Regards

Paul Whitham
Valleybiz Internet Design
www.valleybiz.net

Team Macromedia Volunteer for Ultradev/Dreamweaver MX
www.macromedia.com/support/forums/team_macromedia
"Elio Gizzi" <valelio (AT) ix (DOT) netcom.com> wrote

Quote:

Paul-

I agree, but that is what the client wants, believe it or not.

My guess is that I need a database driven site that keeps track of
sessions,
which is way beyond this project.

Thanks for the input.

-Elio