diff --git a/features/http-auth.xml b/features/http-auth.xml index 4a9414ba92..ca08581023 100644 --- a/features/http-auth.xml +++ b/features/http-auth.xml @@ -61,7 +61,7 @@ controls a non-authenticated URL from stealing passwords from authenticated URLs on the same server. - Both Netscape and Internet Explorer will clear the local browser + Both Netscape Navigator and Internet Explorer will clear the local browser window's authentication cache for the realm upon receiving a server response of 401. This can effectively "log out" a user, forcing them to re-enter their username and password. Some people @@ -99,12 +99,14 @@ standard, so you should never depend on this. Testing with Lynx has shown that Lynx does not clear the authentication credentials with a 401 server response, so pressing back and then forward - again will open the resource (as long as the credential - requirements haven't changed). + again will open the resource as long as the credential + requirements haven't changed. The user can press the + '_' key to clear their authentication information, however. + Also note that this does not work using Microsoft's IIS server and - the CGI version of PHP due to a limitation of IIS. - + the CGI version of PHP due to a limitation of IIS. +