NGINX basic auth timeout?
Solution 1
Excerpt from section Disadvantages from wikipedia article about HTTP authentication
Existing browsers retain authentication information until the tab or browser is closed or the user clears the history. HTTP does not provide a method for a server to direct clients to discard these cached credentials. This means that there is no effective way for a server to "log out" the user without closing the browser. This is a significant defect that requires browser manufacturers to support a 'logout' user interface element (mentioned in RFC 1945, but not implemented by most browsers) or API available to JavaScript, further extensions to HTTP, or use of existing alternative techniques such as retrieving the page over SSL/TLS with an unguessable string in the URL.
Solution 2
This question is very similar to https://stackoverflow.com/questions/8034899/%20nginx-auth-basic-time-limitation and the answer there is most useful. I won't duplicate it here.
Related videos on Youtube
Gabriel
Data Analyst. Postgres, Oracle, Tableau. Having fun making scrapping tools and other stuff in Go and Javascript. Linux user for 15+ years, Archlinux FTW! Systems Engineering student at UTN.
Updated on September 18, 2022Comments
-
Gabriel almost 2 years
I've protected a directory with satisfy and basic_auth, but seems that the validation is not stored in a cookie which after some time it's deleted, seems it's ip or something based. So i login once and eve if i keep the website open for half an hour, it does not re-request the validation.
Is there a way to set a timeout? ie, get access 10 minutes and after that, have to login again if clicking on a file?