I use http authentication using the basic scheme for my server.
The North sends a 401 response to the client, and then the browser displays a window asking for credentials. And then the browser will send the username / passwd to the Authorization header.
The question is that when the browser opens the link for the second time, the authorization header was included in the request header, but there was no pop-up window, it seems that these credentials were remembered (cached).
Does anyone know how to control this? What should I do if I need to enter a user password each time? What if I need to set a valid duration for this cache?
Many thanks!
source
share