Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Westi on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Clearing Request.ServerVariables("LOGON_USER")

Status
Not open for further replies.
Skee777

Skee777

MIS
Nov 29, 2001
17
US
Hello,

I have a secure site using nt authentication. In one instance I would like to open a new window from a link. I have this worked out, but the user authentication session carries over to the new window. I would like to force a new login request when the window is opened.

I am using the Request.ServerVariables("LOGON_USER") to compare the results with a database.

Any suggestions? I have tried the Session.Abandon method, and that doesn't do it.

Thanks



Why isn't phonetic spelled the way it sounds?


 
Sort by date Sort by votes
Hi,
I'm sure someone can explain this better but this logon_user is not a session variable. It is a value passed from the client OS throught the Browser header.
If the user is logged into the workstation that is the logon that is passed, so in effect there is no way to "clear" it other than logging off.
If there is a way to control it outside of the OS maybe someone else here can add.

HTH

Falcon

 
Upvote 0 Downvote
[tt]

Hmmmm...
* * * * * * * * * * *
<%=Tony%>
cold.gif

 
Upvote 0 Downvote
Thanks Falcon for your input.

When a user opens a new IE browser session and accesses our secure website, client for microsoft networks prompts them to login. If the user were to close the browser or open a new browser session, they would be prompted to login again.

In this situation, I am trying to use the javascript method of window.open(URL, which opens the link in a new window. Because they have already authenticated, they are not prompted to login again, the secure url just opens.

What I'm hoping to accomplish is that when the new window opens, they get prompted to login again.

Ideally, if there is a way to clear the windows (LOGON_USER) variable and force a new session.

Alternatively, I wonder if there is a way to close the current browser session and open a completely new browser session directly to the page. Although I thought that is what the javascript did.

Somewhere Windows/IE is bringing the user information to the new browser instance.

Thanks in advance for any insight.

Skee

Why isn't phonetic spelled the way it sounds?


 
Upvote 0 Downvote
Skee,

Opening a new window automatically creates a new session for that window that's why I do not think session variables is your problem. And LOGON_USER is not a session value.

I think you need to investigate which Authentication Method you need to have set for your website. I think you need to disable Anonymous, use basic, do not select Integrated Windows Authentication.

HTH
Falcon
 
Upvote 0 Downvote
Falcon,

you are not entirely correct.

If you open a window via a currently open browser, then
unless you configure your browser otherwise, if you go to the same website then it will share the same session as you are using the same thread and memory space for the two browsers so you need to be careful. Or at least if using IE4+.

James :) James Culshaw
james@miniaturereview.co.uk
 
Upvote 0 Downvote
I've looked long and hard for an answer to this question. I don't think one exists. I'd love to be able to allow a user to log out once they've logged in using challenge/response.

Sorry I'm not more help.
 
Upvote 0 Downvote
This can be done in IE, but as yet I haven't worked out a way of doing it in Netscape.

To clear the user session variables, if you point a link to a page outside the restricted area and put:

for example, then the browser will overwrite their previous login data with a username of 'none' and a password of 'none'. So obviously you can change that to whatever you like. For example I have put the real username of the last user in as this is what appears next time they try to login.

You must hardcode all urls in full from the logout.htm page though, as you can have problems with the none:none@ section causing repeated login requests if it is still present on the start of the url afterwards.

Hope this helps. Please let me know if anyone can shed any light on how to get around it in Netscape, which at present just ignores the login details at the start of the URL.
 
Upvote 0 Downvote
JMB70 -

I couldn't get your HTML to work. But this functionality would be great if it worked. The nested HTML seems to screw it up.

Thanks
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

leifoet
  • Locked
  • Question
How to link a condition to a session(&quot;UID&quot;) ?
Replies
14
Views
530
leifoet
leifoet
leifoet
  • Locked
  • Question
How to display an existing date in Input type=&quot;date&quot;?
Replies
4
Views
301
leifoet
leifoet
krabban
  • Locked
  • Question
Using application(&quot;something&quot;) along with regular expressions
Replies
0
Views
153
krabban
krabban
TribeMan
  • Locked
  • Question
Jmail error message &quot;jmail.SMTPMail error '8000ffff' The message was undeliverable...&quot;
Replies
2
Views
180
ggriffit
ggriffit
cat5ives
  • Locked
  • Question
Server.CreateObject(&quot;Scripting.FileSystemObject&quot;) file exist doesn't work
Replies
2
Views
336
cat5ives
cat5ives

Part and Inventory Search

Sponsor

Back
Top