Hi, we are developing a corporate portal system which has links to various resources like mail, shared folders, awards, celebrations, news bits, etc.,. I have two problems, which are:
1)When the user accesses this portal for the first time, it authenticates for User ID and Password. And if the user closes the browser window, and opens again and selects the URL which is already present in the history, it never authenticates. Here, I want in such a way that it must authenticate for every session of the user.
2)After the initial authentication, if the user clicks the link to his/her MAIL database, it is prompting once again for authentication. Here, I want in such a way that authentication must be only once. i.e., during the user's initial opening up of the portal page.
Please provide me a solution. I don't want the settings to be client side but in the server.
A1: Put &Login at the end of your URL strings. I'm not sure if this will work from the history, because they are pulling the document up from their cache, not from the server, so there's no request from the server to challenge authentication. There's also an HTTP header for forcing a refresh. I retrieved the following from the HTML 4.01 specification document:
<META http-equiv="Expires" content="Tue, 20 Aug 1996 14:25:27 GMT">
will result in the HTTP header:
Expires: Tue, 20 Aug 1996 14:25:27 GMT
This can be used by caches to determine when to fetch a fresh copy of the associated document.
A2: In R5 and higher, there is a field in the server configuration document, listing the type of authentication to use. There's basically three types: Single server, multiple server, and "realm". I personally usually use multiple server, as this stores a cookie on the user's machine and allows them to authenticate between more than one machine at a time, and it also challenges them through an HTML document (which is customizable) rather than the standard IE/Netscape/Etc password dialog box.