From m204wiki
Jump to navigation Jump to search

Send 'unauthorized' response on pwd change

NEWPASSWORDC is a parameter on JANUS DEFINE, which defines and sets characteristics of a Janus port.

This parameter prevents Janus Web Server from immediately sending an "Unauthorized" response to a browser after a password change.

Janus Web Server sends an "Unauthorized" response to a browser whenever the user changes his or her password either by specifying oldpassword:newpassword for the password in a logon pop-up window or with a NEWPASSF/NEWPASSF2 form. This causes a logon pop-up window to appear on the user's workstation, allowing the use to tell the browser what the new password is (there is no way for a server to tell a browser that the user has just changed his or her password).

While having a logon pop-up window appear immediately after a password change might be confusing to end-users, it is probably less confusing than the same window appearing some time later. In certain cases, such as a page with multiple embedded password protected images, the end-user might even receive multiple logon pop-up windows because of a password change, if an immediate "Unauthorized" is not sent after a password change.

If, in spite of all these advantages, an immediate "Unauthorized" after a password change is not desirable, the NEWPASSWORDC (NEW PASSWORD Continue) can be specified on the port definition.

The presence or absence of the NEWPASSWORDC parameter is irrelevant if there is a JANUS WEB ON NEWPASSWORD rule for the port.

Valid only for WEBSERV ports.

See also