10:29:31 AM
3FH0MHLIB
"FWIW, this is the way HTTP is supposed to work. You can't release an auth token unless you shut down the app except if the app has some way to explicitly do that for you."
Does this mean if I move the code from my main application into a standalone exe and launch this exe each time that the auth token would be released?
Stuart
Hi Stuart,
Not that I know of. Basically wwHttp uses WinInet which acts like a single browser instance in a process. Once loaded the HTTP instance and 'session' stays live so it remembers cookies and Windows authentication tokens. The only way I know how to unload is to actually access the authentication link and physically log out. IOW, the server has to log you out and invalidate your credentials.
With cookie based (ie. application based) security this is pretty easy - the server app has a logout function that you can call that effectively releases the cookie. You can also do that on hte client by explicitly adding the same cookie and clearing the value.
For authentication this might actually also work. Authentication tokens for various security mechanisms are carried via headers in HTTP - you can take a look at the headers used (typically the Authorization: header) and explicitly set that to blank in your code. This should invalidate the server authentication and hopefully force you to log back in.
FWIW, this is the way HTTP is supposed to work. You can't release an auth token unless you shut down the app except if the app has some way to explicitly do that for you.
+++ Rick ---
I am having a problem with IE storing username/password credentials after issueing the wwhttp, httpget command. Is there an easy way to force the credential caching to be cleared?
The code that I use is simple:
do wwhttp.prg
ohttp=createobject('wwHTTP')
lchtml = ohttp.httpget(<hhtp path>, <username>,<password>,<voice file to retreive>)
< Playback the voice file >
ohttp.destroy()
release ohttp
thanks,
Stuart
