Q: We’ve been testing Outlook Mobile Access (OMA) and have found that our users’ passwords are being cached. How do we control this behavior?
A: Well, that depends on your users’ phones. Here’s the situation: OMA uses basic web authentication over Secure Sockets Layer (SSL) to send an authentication request to users’ mobile devices, which then can either prompt the users for credentials or return a cached set of credentials. To prevent the annoyance of needing to continually retype your password on a 10-key numeric pad, most cell-phone manufacturers include some kind of caching mechanism in their phones.
OMA isn’t the one caching authentication information, so you can do nothing on the server side to prevent the behavior you describe. Whether you can clear the cache and stop the behavior depends on the phone. Some newer phones (e.g., Sony Ericsson’s T610) include a separate password cache that has a shorter lifetime than the phone’s typical cache. Contact the manufacturers of your users’ phones to determine whether you can control those phones’ caching behavior.
—Paul Robichaux
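
The exchange described above, as an added example that is not part of the original column: a loopback server issues the Basic challenge and a hypothetical `Phone` client answers it, showing that the server receives the same `Authorization` header whether the password was just typed or replayed from the client's cache. Assumptions: plain HTTP on 127.0.0.1 stands in for SSL, and the account `alice` and its password are constructed.

```python
import base64
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

class Handler(BaseHTTPRequestHandler):
    seen = []  # every Authorization header the server received

    def do_GET(self):
        auth = self.headers.get("Authorization")
        if auth is None:  # no credentials yet: issue the Basic challenge
            self.send_response(401)
            self.send_header("WWW-Authenticate", 'Basic realm="demo"')
        else:  # the header carries no hint of typed vs. cached
            Handler.seen.append(auth)
            self.send_response(200)
        self.send_header("Content-Length", "0")
        self.end_headers()

    def log_message(self, *args):  # keep the demo quiet
        pass

def get(port, headers):
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    conn.request("GET", "/oma", headers=headers)
    status = conn.getresponse().status
    conn.close()
    return status

class Phone:
    """Hypothetical client that remembers the last credentials it sent."""
    def __init__(self):
        self.cached, self.prompts = None, 0

    def fetch(self, port, user, password):
        status = get(port, {})
        if status == 401:
            if self.cached is None:  # only now is the user asked to type
                self.prompts += 1
                pair = f"{user}:{password}".encode()
                self.cached = "Basic " + base64.b64encode(pair).decode()
            status = get(port, {"Authorization": self.cached})
        return status

def run_demo():
    server = HTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    phone = Phone()
    codes = [phone.fetch(server.server_port, "alice", "constructed-pw") for _ in range(2)]
    server.shutdown()
    server.server_close()
    return codes, phone.prompts, list(Handler.seen)
```
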