 

http basic authentication "log out"

HTTP basic authentication credentials are stored until the browser is closed, but is there a way to remove the credentials before the browser is closed?

I read about a trick with the HTTP 401 status code, but it does not seem to work properly (see the comment on the answer). Maybe the mechanism Trac uses is the solution.

Can the credentials be deleted with JavaScript? Or with a combination of JavaScript and the status 401 trick?

deamon asked Nov 12 '10 09:11


1 Answer

Update: This solution does not seem to work anymore in many browsers. Kaitsu's comment:

This solution of sending false credentials to make browser forget the correct authenticated credentials doesn't work in Chrome (16) and IE (9). Works in Firefox (9).


Actually you can implement a workaround by sending false credentials to the service. This works in browsers by sending another (non-existent?) username without a password. The browser loses the information about the authenticated credentials.

Example:

https://www.example.com/ => Log in with basic auth as "user1"

Now open

https://logout@www.example.com/

You're logged out. ;)

Regards

P.S.: But please test this with all needed browsers before you rely on the given information.

Jan. answered Sep 22 '22 12:09
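An added example, not part of the question or the answer above, showing the server side of the 401 "log out" trick the question mentions together with how the bogus Authorization header behind the answer's URL trick is built. It is a Node.js request handler with hypothetical names (handleRequest, parseBasic, challenge, bogusAuthHeader, REALM, USERS) and constructed credentials. The /logout challenge deliberately uses the same realm as the normal login challenge and is meant to be served under the same path prefix, because browsers key their cached Basic credentials on that protection space (realm plus URI path prefix); a 401 with a different realm leaves the cache untouched. As the answer's update says, whether a browser really forgets the credentials after either request depends on the browser and version, so test it in the browsers you support.

```javascript
// Added example (not from the original page). All names are hypothetical.
// Runs as a plain Node.js script; the handler is a pure function so it can be
// exercised without opening a socket.

const REALM = 'Example';                         // assumed realm name
const USERS = { user1: 'correct horse' };       // constructed test credentials

// Constant-time comparison so the password check does not leak length or prefix timing.
function safeEqual(a, b) {
  const bufA = Buffer.from(String(a), 'utf8');
  const bufB = Buffer.from(String(b), 'utf8');
  let diff = bufA.length ^ bufB.length;
  const n = Math.max(bufA.length, bufB.length);
  for (let i = 0; i < n; i++) diff |= (bufA[i] | 0) ^ (bufB[i] | 0);
  return diff === 0;
}

// Parse "Authorization: Basic <base64(user-id:password)>" (RFC 7617).
// Returns { user, pass }, or null when the header is missing or malformed.
function parseBasic(header) {
  if (typeof header !== 'string') return null;
  const m = /^Basic\s+([A-Za-z0-9+\/=]+)$/i.exec(header.trim());
  if (!m) return null;
  const decoded = Buffer.from(m[1], 'base64').toString('utf8');
  const idx = decoded.indexOf(':');   // user-id may not contain ':', so the first colon splits
  if (idx < 0) return null;
  return { user: decoded.slice(0, idx), pass: decoded.slice(idx + 1) };
}

// The 401 challenge. Login challenge and logout response must carry the same
// realm (and be served under the same path prefix): that is the protection
// space the browser keys its credential cache on.
function challenge() {
  return {
    status: 401,
    headers: { 'WWW-Authenticate': `Basic realm="${REALM}", charset="UTF-8"` },
    body: 'Authentication required',
  };
}

// req = { url, headers } with header names lowercased, as Node's http module delivers them.
function handleRequest(req) {
  // /logout answers 401 even to valid credentials: the browser sees its cached
  // credentials rejected for this realm and, where the trick works, drops them.
  if (req.url === '/logout') return challenge();

  const creds = parseBasic(req.headers && req.headers.authorization);
  if (!creds) return challenge();
  const known = Object.prototype.hasOwnProperty.call(USERS, creds.user);
  // Always run the comparison (against '' for unknown users) so response timing
  // does not reveal which user-ids exist.
  const ok = safeEqual(known ? USERS[creds.user] : '', creds.pass) && known;
  return ok ? { status: 200, headers: {}, body: `Hello ${creds.user}` } : challenge();
}

// Client side of the answer's URL trick: opening https://<user>@www.example.com/
// is equivalent to sending this header. Uses btoa in browsers, Buffer in Node.
function bogusAuthHeader(user = 'logout') {
  const raw = `${user}:`;   // non-existent user with an empty password
  const b64 = typeof btoa === 'function' ? btoa(raw) : Buffer.from(raw, 'utf8').toString('base64');
  return `Basic ${b64}`;
}
// From a page inside the protected folder one would run:
//   fetch('/', { headers: { Authorization: bogusAuthHeader() } }).then(() => location.reload());

// Stand-alone server for manual testing (skipped when loaded as a module or under ESM).
if (typeof require !== 'undefined' && typeof module !== 'undefined' && require.main === module) {
  const http = require('http');
  http.createServer((req, res) => {
    const out = handleRequest({ url: req.url, headers: req.headers });
    res.writeHead(out.status, out.headers);
    res.end(out.body);
  }).listen(8080, () => console.log('listening on http://127.0.0.1:8080/'));
}
```

When a user follows a link to /logout the browser answers the 401 by showing a fresh login prompt; the user has to cancel it, after which the next visit to the protected folder prompts again instead of silently reusing the old credentials. Note that the handler never logs the decoded password and only compares it with a constant-time routine, which matters because the header is sent on every single request for as long as the browser keeps it cached.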