| View previous topic :: View next topic |
| Author |
Message |
max_carpenter
-
Joined: 18 Mar 2005
Posts: 124
|
 Posted: Mon Dec 11, 2006 3:23 pm Post subject: Directory Listing / Logout |
 |
|
Hello all,
Ok two problems today, I should really have two threads but thats just a waste of space,
My first problem is I have just created a website for our Admin Disk, basicly at my company we have an Admin Disk that we go through installing software on new machines however it was very messy, I have now made it into some very nice step by steps htmls and scripts for restarting pc installing etc and hosting it on an Abyss webserver so we can access it on all the machines. To do software installs what I have done is linked to the software installation file and when you click it it opens up like a download, that is fine however a couple of the files like IE6 require multiple files and I would like to be able to click a link and the installation file frun from it current location with all the other fils but installs on the machine I am working on. Is that possible. I can browse to the machine without Abyss like \\machinename\step10\ and run iesetup.exe fine but doing it through a webbrowser http://machinename/step10/ and clicking on iesetup.exe from the directory listing downloads that one file to temp files then when it comes to execute it can't cause files are missing.
My Second problem is using the Abyss Access control to protected directories. Is their a way I can make the life span of a session alot smaller or have a logout button as we are working in a business here and the Admin Disk website is protected via password so that no employee can just use or copy this software.
All help is appreciated
Thanks
Max
_________________
M.Carpenter
DHCD Computing
max@dhcd.co.uk
www.dhcd.co.uk |
|
| Back to top |
     |
 |
olly86
-
Joined: 25 Apr 2003
Posts: 993
Location: Wiltshire, UK
|
| Posted: Mon Dec 11, 2006 5:04 pm Post subject: Re: Directory Listing / Logout |
|
|
| max_carpenter wrote: | | My Second problem is using the Abyss Access control to protected directories. Is their a way I can make the life span of a session alot smaller or have a logout button as we are working in a business here and the Admin Disk website is protected via password so that no employee can just use or copy this software. |
When you end a browser session the login session will expire, and the login information will not be available. Unless you have checked "remember login" (or something to that effect).
_________________
Olly |
|
| Back to top |
|
|
pkSML
-
Joined: 29 May 2006
Posts: 955
Location: Michigan, USA
|
|
| Back to top |
|
|
aprelium
-
Joined: 22 Mar 2002
Posts: 6800
|
| Posted: Tue Dec 12, 2006 3:00 pm Post subject: Re: Directory Listing / Logout |
|
|
| max_carpenter wrote: |
My first problem is I have just created a website for our Admin Disk, basicly at my company we have an Admin Disk that we go through installing software on new machines however it was very messy, I have now made it into some very nice step by steps htmls and scripts for restarting pc installing etc and hosting it on an Abyss webserver so we can access it on all the machines. To do software installs what I have done is linked to the software installation file and when you click it it opens up like a download, that is fine however a couple of the files like IE6 require multiple files and I would like to be able to click a link and the installation file frun from it current location with all the other fils but installs on the machine I am working on. Is that possible. I can browse to the machine without Abyss like \\machinename\step10\ and run iesetup.exe fine but doing it through a webbrowser http://machinename/step10/ and clicking on iesetup.exe from the directory listing downloads that one file to temp files then when it comes to execute it can't cause files are missing. |
If the visitors computers can access the network share \\machinename\step10\, you could link to the file using something like <A HREF="file://\\machinename\step10\ iesetup.exe">Install IE6</A>. When your users click on that link, their browser will no more use HTTP but will access the files using the Windows network shares system.
| Quote: | | My Second problem is using the Abyss Access control to protected directories. Is their a way I can make the life span of a session alot smaller or have a logout button as we are working in a business here and the Admin Disk website is protected via password so that no employee can just use or copy this software. |
Abyss We Server Access control does not use sessions. It uses HTTP authentication and it's actually your browser which sends each time the last used login/password to the server. When you restart the browser, the login/password list is reset and it will ask you again for them.
Here is the technical explanation:
HTTP protocol is stateless which means that the server does not keep track of previous requests made by the same IP and does not have a "session" concept (although this can be added using some workarounds namely "cookies").
When you first ask for an password protected URL, the server will reply with error 401 which indicates that the page/image needs a login/password to be accessed. So the browser displays a dialog asking for your credentials. When you enter them and press OK, the browser will send a new request but this time with an extra HTTP header containing the login/password.
The server will process the request, find that it the file it refers to is protected, check for the presence of the login/password in the headers, find them, validate them, and if everything is fine, you get the page/image. Otherwise, error 401 is reported again.
When you browse again the same URL or an URL which is located in the same directory as the previous one, the browser will send the last known valid login/password that the user has used. If the server accepts them, it's ok. Otherwise, it will get error 401 and will ask the user for new credentials.
So as you can see, the server is not in fault here. The browser tries to do things the smart way to save you a lot of time. Most browsers will forget about the last valid login/password when you restart them. So this behavior is only valid during the same browser session.
What you should note here is that the credentials are sent with every request and that the access rights are checked before sending any response.
_________________
Support Team
Aprelium - http://www.aprelium.com |
|
| Back to top |
|
|
max_carpenter
-
Joined: 18 Mar 2005
Posts: 124
|
| Posted: Wed Dec 13, 2006 10:13 pm Post subject: |
|
|
thanks for the reply and thats how i thought it worked but at work I can restart my pc and still login without password confirmation I have to clen out history and cookies.
I do have IE 6 and Firefox and on my server a couple of others s wel for testing my websites out and we also hve the IE 6 package on the abyss server for internal use to install on new machines but it hs multiple files.
Also thanks for the tip on directory just wondering if there was another way.
thnks
_________________
M.Carpenter
DHCD Computing
max@dhcd.co.uk
www.dhcd.co.uk |
|
| Back to top |
|
|
aprelium
-
Joined: 22 Mar 2002
Posts: 6800
|
| Posted: Thu Dec 14, 2006 11:51 am Post subject: |
|
|
| max_carpenter wrote: | | thanks for the reply and thats how i thought it worked but at work I can restart my pc and still login without password confirmation I have to clen out history and cookies. |
The best to do in that case to ensure that the login/password are actually sent by the browser on your bahalf is to use a tool such as http://www.fiddlertool.com/fiddler/ .
Fiddler will "spy" over the exchanged data between your browser and web servers. When browsing that protected page, you should see the browser sending an Authorization header. This header is where the browser sends the login/password.
_________________
Support Team
Aprelium - http://www.aprelium.com |
|
| Back to top |
|
|
pkSML
-
Joined: 29 May 2006
Posts: 955
Location: Michigan, USA
|
| Posted: Thu Dec 14, 2006 10:14 pm Post subject: |
|
|
If you're using Internet Explorer, you might try this program: ieHTTPheaders
It shows browser headers in real-time.
I've installed it and really like it.
_________________
Stephen
Need a LitlURL?
http://CodeBin.yi.org |
|
| Back to top |
|
|
|
