How to log out user from web site using BASIC authentication?

Is it possible to log out a user from a web site if he is using basic authentication?

Killing the session is not enough, since, once the user is authenticated, each request contains login info, so the user is automatically logged in the next time he/she accesses the site using the same credentials.

The only solution so far is to close the browser, but that's not acceptable from the usability standpoint.

Marko asked Oct 24 '08 13:10


2 Answers

Have the user click on a link to https://log:[email protected]/. That will overwrite existing credentials with invalid ones; logging them out.

Matthew Welborn answered Sep 19 '22 18:09

An addition to the answer by bobince ...

With Ajax you can have your 'Logout' link/button wired to a JavaScript function. Have this function send the XMLHttpRequest with a bad username and password. This should get back a 401. Then set document.location back to the pre-login page. This way, the user will never see the extra login dialog during logout, nor have to remember to put in bad credentials.

system PAUSE answered Sep 17 '22 18:09
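
The Ajax logout described in the answer above, as an added example that is not part of the original post. The names `basicAuthLogout`, `logoutUrl`, `landingUrl` and the `deps` injection parameter are assumptions made for illustration; `logoutUrl` is assumed to be a URL inside the protected realm.

```javascript
// Added example: Ajax logout for HTTP Basic authentication.
// Assumptions: logoutUrl is protected by the same Basic auth realm,
// landingUrl is the public pre-login page. `deps` is a hypothetical
// injection point so the function can be exercised outside a browser.
function basicAuthLogout(logoutUrl, landingUrl, deps) {
  const XHR = (deps && deps.XMLHttpRequest) || globalThis.XMLHttpRequest;
  const navigate = (deps && deps.navigate) ||
    ((url) => { globalThis.document.location = url; });

  return new Promise((resolve, reject) => {
    const xhr = new XHR();
    // A throwaway password makes it implausible that the pair is valid.
    const badPassword = "invalid-" + Math.random().toString(36).slice(2);
    // The 4th and 5th arguments of open() are the user name and password.
    // Because credentials are supplied explicitly, a 401 is handed to the
    // script instead of triggering the browser's login dialog.
    xhr.open("GET", logoutUrl, true, "logout", badPassword);
    xhr.onreadystatechange = () => {
      if (xhr.readyState !== 4) return;
      if (xhr.status === 401) {
        // The server rejected the bad pair: leave the protected area.
        navigate(landingUrl);
        resolve(true);
      } else {
        // Any other status means the request was not rejected (URL not
        // protected, or the bogus pair was accepted). Do not report a
        // logout that did not happen.
        resolve(false);
      }
    };
    xhr.onerror = () => reject(new Error("logout request failed"));
    xhr.send();
  });
}
```

Whether the rejected credentials actually replace the cached ones is up to the browser, so confirm in each supported browser that a request to a protected URL prompts again after the redirect.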