
How to logout when using .htaccess (and .htpasswd) authentication? [duplicate]

Possible Duplicate:
HTTP authentication logout via PHP

Hi

I have some functionality on my website protected using .htaccess and .htpasswd. When users attempt to access this, they get prompted to enter details. They enter their details and get in and can see stuff etc. All works fine.

My question is how do I create a logout functionality for this type of authentication. I know that they can close the browser window to "Logout". But this is not ideal. What would you suggest to me?

Thanks.

asked Jul 22 '09 08:07

TigerTiger


People also ask

How to logout of htaccess?

There is no way to log out of a .htaccess protected directory, unfortunately browsers have never implemented a "forget password" feature!

Can you log out of a basic auth login?

Basic Authentication wasn't designed to manage logging out. You can do it, but not completely automatically. What you have to do is have the user click a logout link, and send a '401 Unauthorized' in response, using the same realm and at the same URL folder level as the normal 401 you send requesting a login.


2 Answers

Browsers usually don't support this, see How do I log out?

Since browsers first started implementing basic authentication, website administrators have wanted to know how to let the user log out. Since the browser caches the username and password with the authentication realm, as described earlier in this tutorial, this is not a function of the server configuration, but is a question of getting the browser to forget the credential information, so that the next time the resource is requested, the username and password must be supplied again. There are numerous situations in which this is desirable, such as when using a browser in a public location, and not wishing to leave the browser logged in, so that the next person can get into your bank account.

However, although this is perhaps the most frequently asked question about basic authentication, thus far none of the major browser manufacturers have seen this as being a desirable feature to put into their products.

Consequently, the answer to this question is, you can't. Sorry.

There are browser extensions that allow you to clear the HTTP authentication for a site. For Firefox the WebDeveloper extension (which is one of my favourite extensions anyway) offers this feature. The menu for this is Miscellaneous/Clear Private Data/HTTP Authentication.

answered Sep 20 '22 18:09

Ludwig Weinzierl


Tested on Firefox and Chrome. What you can do is send the user to http://logout:[email protected]. This will replace their current username/password with logout/logout (it could be any invalid user/pass combination) and since they now have the wrong username/password, they will have to log in again to access the site.

On Opera this does not work, because you can have several usernames/passwords at the same time. It didn't work on IE either, because IE does not appear to support http://username:[email protected] URLs.

answered Sep 17 '22 18:09

Marius
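
The logout-link approach quoted under "People also ask" (answer every request to a logout URL with a 401 for the same realm, at the same folder level as the protected content), sketched as an added example that is not from the original post. The realm name, the /private/ paths and the sample account are assumptions made up for the illustration.

```python
import base64
import hmac
from http.server import BaseHTTPRequestHandler, HTTPServer

REALM = "Protected"                  # assumed realm; logout must reuse the login realm
USERS = {"alice": "correct horse"}   # constructed sample account
LOGOUT_PATH = "/private/logout"      # assumed path, same folder level as the content


def check_basic(header):
    """Return True only if the Authorization header holds valid Basic credentials."""
    if not header or not header.startswith("Basic "):
        return False
    try:
        decoded = base64.b64decode(header[6:]).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return False
    user, _, password = decoded.partition(":")
    expected = USERS.get(user)
    # Constant-time comparison of the password bytes.
    return expected is not None and hmac.compare_digest(
        expected.encode(), password.encode())


def decide(path, auth_header):
    """Return (status, body) for a GET under /private/."""
    if path == LOGOUT_PATH:
        # Challenge even when the credentials are valid, so the browser is
        # told that what it cached for this realm is no longer accepted.
        return 401, "Logged out"
    if check_basic(auth_header):
        return 200, "secret"
    return 401, "Login required"


class Handler(BaseHTTPRequestHandler):
    def do_GET(self):
        status, body = decide(self.path, self.headers.get("Authorization"))
        self.send_response(status)
        if status == 401:
            self.send_header("WWW-Authenticate", f'Basic realm="{REALM}"')
        self.send_header("Cache-Control", "no-store")  # keep pages out of the cache
        self.end_headers()
        self.wfile.write(body.encode())


if __name__ == "__main__":
    HTTPServer(("127.0.0.1", 8080), Handler).serve_forever()
```

Whether a browser actually drops its cached credentials after this 401 depends on the browser, which is the limitation the answers above describe.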