Log-out of secure area script

Discussion in 'HTML' started by Noel S Pamfree, Dec 2, 2006.

  1. Our website hosting company set up a secure directory for a link from our
    website. When anyone clicks on the link they are prompted for a username and
    password. It works well but the only way to log-out stopping the next person
    using a machine to have access is to close down the browser window.

    Unfortunately our webhosting company tells me they do not provide any
    scripts for logging-out. They have no objection to us uploading one.

    I am not an expert at this sort of thing and I have no idea how to do it.

    Any suggestions would be welcome.

    Noel
     
    Noel S Pamfree, Dec 2, 2006
    #1
    1. Advertising

  2. Hello,

    Noel S Pamfree wrote:

    > Our website hosting company set up a secure directory for a link from our
    > website. When anyone clicks on the link they are prompted for a username
    > and password. It works well but the only way to log-out stopping the next
    > person using a machine to have access is to close down the browser window.
    >
    > Unfortunately our webhosting company tells me they do not provide any
    > scripts for logging-out. They have no objection to us uploading one.
    >
    > I am not an expert at this sort of thing and I have no idea how to do it.
    >
    > Any suggestions would be welcome.


    It's not completely clear, how your login works. It could (a) be HTTP
    authentication or (b) some custom implementation involving a HTTP form and
    sessions.

    In case (b) you basicly have to clear the session data (a simple file or a
    row in a database) on the server.

    In case (a) there simply is no standartized way to 'logout'. HTTP is
    stateless, so there is no concept of a user session and no logging in or
    out. With HTTP authentication the browser has to send the user credentials
    (login/password) with every request. Browser just ask for the credentials
    once and (as long as they are accepted by the server) reuse them.
    So 'logging out' is essential telling the browser to forget the
    credentials. How this can be done is browser dependent. Closing the browser
    works in all browsers I know of. For FireFox there is an extension that
    lets you clear the stored crendentials. Other browsers may have similar
    tools, but there is no way for the server to trigger this action.

    And: closing the browser window, is the least thing one has to do, after
    using a shared computer to access private/protected data.


    HTH

    --
    Benjamin Niemann
    Email: pink at odahoda dot de
    WWW: http://pink.odahoda.de/
     
    Benjamin Niemann, Dec 2, 2006
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Mark
    Replies:
    1
    Views:
    611
    Larry Barowski
    Jun 27, 2005
  2. hotadvice
    Replies:
    14
    Views:
    709
    hotadvice
    Oct 2, 2007
  3. Andy B.
    Replies:
    0
    Views:
    813
    Andy B.
    Apr 30, 2010
  4. Leena Jethwa

    Create a log-in & log-out page

    Leena Jethwa, May 1, 2009, in forum: Ruby
    Replies:
    2
    Views:
    102
    Mike Stephens
    May 1, 2009
  5. Jim
    Replies:
    0
    Views:
    193
Loading...

Share This Page