[thelist] Expiring NT Auth Sessions

Ken Kogler gsls at kenkogler.com
Wed Sep 1 15:32:51 CDT 2004


I've got an interesting problem. Win2k server, IIS5, VBscript.

I've got a page on my site which is secured by the NTFS permissions on the
server itself. When a visitor to our website encounters the page, they get a
prompt for a username/password, which is all handled by Win2k. I haven't
written any kind of authentication routine for this, I'm relying on the NTFS
perms. So far, this has worked great.

The trouble comes when a user wants to log out and log back in as someone
else. Right now, when the user tries this, their user/pass is apparently
cached and they're taken back to the protected page as the first user. They
never get the login prompt again to change credentials. 

If the user waits the specified amount of time for their session to expire
(currently set to 20 minutes on my server), then the next time they visit
the login page, they get the prompt.

I can't for the life of me figure out how to code a logOUT page that will
end their session and reset the cached NTFS username/password. I've tried <%
session.end %> and <% session.contents.removeAll %> but no luck. Any

Ken Kogler, Technology Director
Good Shepherd Lutheran School
Collinsville, IL 618-344-3153 

More information about the thelist mailing list