The problem seems to be that the session's authentication persists even after I log out. It goes like this:
- Connect (1st time)
- Authentication is requested
- Do stuff
- Close browser tab
- Connect (2nd time)
- No authentication is requested ... !?!
- I'm logged in.
- I click "Logout" and it ushers me to the "Users" page.
- I close the tab in IE7.
- I enter the URL for the Premise server.
- This time I am not challenged to authenticate myself; it presents the "Users" page.
- If I close IE7, restart it, enter the URL, I will be asked to login. The session's authentication appears to be cached somewhere and flushed only if IE7 is restarted.
Is any of this session-handling stuff configurable in Premise's web server?
FWIW, using the same browser, my bank's web site does not behave this way. If you re-connect you willl be asked to identify yourself again.
Edited by 123, 10 June 2008 - 09:02 AM.