3

I am writing a set of VBA macros in which it uses the XMLHTTP object to send asynchronous requests to a server. I am sending Basic Authentication with:

XMLHttpReq.setRequestHeader "Authorization","Basic " & Base64EncodedUserPass

This works great the first time. But if the user changes their userid/password, even if the code creates a brand new XMLHttpReq object and sets this header to the new information, it logs in to the server as the first user, presumably from cached credentials.

How can I cause the code to "forget" that I have logged in before, and re-authorize?

Edit as requested, the relevant part of the code; it really isn't very complicated:

myURL = "http://my.domain.com/myscript.cgi"
Dim oHttp As New MSXML2.XMLHTTP
oHttp.Open "POST", myURL, False
oHttp.setRequestHeader "Content-Type", "application/x-www-form-urlencoded'"
oHttp.setRequestHeader "Authorization","Basic " & Base64EncodedUsernamePassword
oHttp.send "PostArg1=PostArg1Value"
Result = oHttp.responseText
Josh
  • 4,134
  • 7
  • 32
  • 40
  • If i use the URL format http[s]://user:password@host/ then I can interchangeably use different usernames, but this seems less secure somehow. Maybe this is the only way to do it, though? – Josh Jul 17 '12 at 19:02
  • Did you try clearing out IE history? http://www.mrexcel.com/forum/showthread.php?440162-How-do-I-clear-Internet-Explorer-with-Excel-VBA – JimmyPena Jul 23 '12 at 12:50
  • I don't want to clear out the entire IE history just for this one task. The underlying macros will be distributed to customers as part of a larger product, and I don't feel like I should be taking that much direct control over their IE cache. – Josh Jul 23 '12 at 13:40
  • OK. Can you show more of your code? – JimmyPena Jul 23 '12 at 13:42

1 Answers1

5

These questions have been discussed in many ways due to major browsers different implementations of caching methods.

I will give you what worked for me and then the sources I found on this feature.

The only solution I could came across was to force the browser to not cache the request.

myURL = "http://my.domain.com/myscript.cgi"
Dim oHttp As New MSXML2.XMLHTTP
oHttp.Open "POST", myURL, False
oHttp.setRequestHeader "Content-Type", "application/x-www-form-urlencoded'"
oHttp.setRequestHeader("Cache-Control", "no-cache");
oHttp.setRequestHeader("Pragma", "no-cache");
oHttp.setRequestHeader("If-Modified-Since", "Sat, 1 Jan 2000 00:00:00 GMT");
oHttp.setRequestHeader "Authorization","Basic " & Base64EncodedUsernamePassword
oHttp.send "PostArg1=PostArg1Value"
Result = oHttp.responseText

It seems that Cache-Control works on most browsers and Pragma only on Firefox and not IE (don't know why...)

If-Modified-Since is used for IE, since IE uses different settings in his own algorithm to determine whether or not the request should be cached. XMLHttpRequest seem to not be treated as the same as HTTP responses.

Careful : With this code you will need username and password each time a new object is created. Maybe you should create a new object, instantiate it once and then destroy it after use. In between you would have all your requests handled in different functions with only one authentication.

Sources

MSDN setRequestHeader Method

MSDN IXMLHTTPRequest

XMLHTTPREQUEST CACHING TESTS

XMLHttpRequest and Caching

assylias
  • 310,138
  • 72
  • 642
  • 762
Romain
  • 6,113
  • 3
  • 31
  • 39
  • The only browser I need to worry about is IE in this case, because I am using the MSXML2.XMLHTTP object which (as far as I know) only uses the IE engine. I will give this a try. – Josh Jul 23 '12 at 18:55
  • On first examination, this did what I needed, but I may need to investigate more. I am not quite ready to give this the "best answer" flag. – Josh Jul 23 '12 at 19:06
  • I am still marking this "best answer" because it partially works. The remaining problem arises if an incorrect userid and password are sent in the Authentication header which causes the IE "username/password" popup window. If I enter a proper userid and password here manually, then the Authentication header is still ignored on later calls. Any ideas? – Josh Jul 24 '12 at 14:11