note httpauth weirdness

author http://smcv.pseudorandom.co.uk/ <smcv@web>

Tue, 18 Feb 2014 15:08:28 +0000 (11:08 -0400)

committer admin <admin@branchable.com>

Tue, 18 Feb 2014 15:08:28 +0000 (11:08 -0400)
author http://smcv.pseudorandom.co.uk/ <smcv@web>
Tue, 18 Feb 2014 15:08:28 +0000 (11:08 -0400)
committer admin <admin@branchable.com>
Tue, 18 Feb 2014 15:08:28 +0000 (11:08 -0400)
diff --git a/doc/forum/How_can_I_invert_the_banned__95__user_check__63__.mdwn b/doc/forum/How_can_I_invert_the_banned__95__user_check__63__.mdwn

index d53a786823a7f82e5a3f17b54a16e308ee619fbd..2436b2e56ba5f117816bd96d20ad402b86c09085 100644 (file)
--- a/doc/forum/How_can_I_invert_the_banned__95__user_check__63__.mdwn
+++ b/doc/forum/How_can_I_invert_the_banned__95__user_check__63__.mdwn
@@ -26,3 +26,8 @@ PS: the user is authenticated via 'httpauth', would that make a difference?
  > --[[smcv]]
  
  >> That was my initial setup but it wasn't working and I got caught-up on the `banned_user` idea.  It would seem I was getting tricked by some credential-caching-weirdness.  Fired up another browser and `locked_pages` works perfectly.  Thanks.  -- fergus
+
+>>> Browsers generally remember HTTP auth credentials until they're closed
+>>> or get a 401 error, and don't generally have a way to "log out".
+>>> As far as I'm aware, there's nothing that [[plugins/httpauth]] can
+>>> do about that. --[[smcv]]
author	http://smcv.pseudorandom.co.uk/ <smcv@web>
	Tue, 18 Feb 2014 15:08:28 +0000 (11:08 -0400)
committer	admin <admin@branchable.com>
	Tue, 18 Feb 2014 15:08:28 +0000 (11:08 -0400)