|
|
Posted by Benjamin Niemann on 12/02/06 21:40
Hello,
Noel S Pamfree wrote:
> Our website hosting company set up a secure directory for a link from our
> website. When anyone clicks on the link they are prompted for a username
> and password. It works well but the only way to log-out stopping the next
> person using a machine to have access is to close down the browser window.
>
> Unfortunately our webhosting company tells me they do not provide any
> scripts for logging-out. They have no objection to us uploading one.
>
> I am not an expert at this sort of thing and I have no idea how to do it.
>
> Any suggestions would be welcome.
It's not completely clear, how your login works. It could (a) be HTTP
authentication or (b) some custom implementation involving a HTTP form and
sessions.
In case (b) you basicly have to clear the session data (a simple file or a
row in a database) on the server.
In case (a) there simply is no standartized way to 'logout'. HTTP is
stateless, so there is no concept of a user session and no logging in or
out. With HTTP authentication the browser has to send the user credentials
(login/password) with every request. Browser just ask for the credentials
once and (as long as they are accepted by the server) reuse them.
So 'logging out' is essential telling the browser to forget the
credentials. How this can be done is browser dependent. Closing the browser
works in all browsers I know of. For FireFox there is an extension that
lets you clear the stored crendentials. Other browsers may have similar
tools, but there is no way for the server to trigger this action.
And: closing the browser window, is the least thing one has to do, after
using a shared computer to access private/protected data.
HTH
--
Benjamin Niemann
Email: pink at odahoda dot de
WWW: http://pink.odahoda.de/
Navigation:
[Reply to this message]
|