Josh Kuperman wrote:
> 1. Once an IP address is authenticate it tends to stay authenticated.
This is a common confusion. It is not the IP address that is
authenticated. It is the browser which has cached the authentication
information internally. To clear a users authentication, the user has to
exit their browser (completely exit the browser. closing the window is
not enought).
> 2. Is there a way of stopping someone from just logging in over
> and over again.
Not really. It is how HTTP works. The user logs in on every request.
Squid currently has no support for limiting usage of a valid login.
What you can do, and what you proposed your self, is to make an
authenticator which remembers that the login has been used, and denies
access. This requires some small modifications to ncsa_auth, and a
appropriate tuning of authenticate_ttl.
--- Henrik Nordstrom Spare time Squid hackerReceived on Sat Feb 27 1999 - 19:14:02 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:44:47 MST