| View previous topic :: View next topic |
| Author |
Message |
dogsiwoo
-
Joined: 23 Oct 2005
Posts: 4
|
 Posted: Sun Oct 23, 2005 12:39 pm Post subject: Logout Button |
 |
|
Hi all,
First off, I have been runnning a web server for about 2 weeks using Fastream.com's web server, but yesterday I migrated to X1 and so far, there is no way I'm looking back! Anywho...Down to business...
I have a page on my site where I need certain users to log in. I have set up the request for the logon box to pop up using the "Password Protected Virtual Paths" but need a button on the login accessed pages to allow the user to logout. I have tried just closing the browser (FF and IE) but this does not log me out. Is there a way to do this? I'm a complete code newbie btw.
Thanks,
Karl |
|
| Back to top |
  |
 |
AbyssUnderground
-
Joined: 31 Dec 2004
Posts: 3855
|
| Posted: Sun Oct 23, 2005 1:09 pm Post subject: |
|
|
The easiest way to get around this would be to use a simple php login script. Once the browser is closed there is nothing you can do to get back to the page (providing you make every page check that you have used the login script to get in).
Not sure if you can logout with the other method.
_________________
Andy (AbyssUnderground) (previously The Inquisitor)
www.abyssunderground.co.uk |
|
| Back to top |
 |
|
dogsiwoo
-
Joined: 23 Oct 2005
Posts: 4
|
| Posted: Sun Oct 23, 2005 1:13 pm Post subject: |
|
|
I see...How do I implement one? Is there a newbies guide to doing it?
Btw Andy, your Site looks great! I've heard that NTHell are aiming to get us all on 10Mb by the end of the year...Doubt they will though... |
|
| Back to top |
|
|
AbyssUnderground
-
Joined: 31 Dec 2004
Posts: 3855
|
| Posted: Sun Oct 23, 2005 1:15 pm Post subject: |
|
|
Its by the end of next year for 10Mbps for all customers. 3Mbps customers by the end of this year...
You would have to find a simple login script from google or such like. That would be the easiest way.
_________________
Andy (AbyssUnderground) (previously The Inquisitor)
www.abyssunderground.co.uk |
|
| Back to top |
|
|
aprelium
-
Joined: 22 Mar 2002
Posts: 6800
|
| Posted: Sun Oct 23, 2005 1:34 pm Post subject: Re: Logout Button |
|
|
| dogsiwoo wrote: | | I have a page on my site where I need certain users to log in. I have set up the request for the logon box to pop up using the "Password Protected Virtual Paths" but need a button on the login accessed pages to allow the user to logout. I have tried just closing the browser (FF and IE) but this does not log me out. Is there a way to do this? I'm a complete code newbie btw. |
The first time you access a password protected page, the server sends an error code to the browser meaning that the page needs a password. So the browser displays the login/password dialog and resends a new request with the password in it.
When you access the page later, your browser will do things in a smart way. It will send the last known valid password that you've used to access this page with the request.
So actually, every request is validated with the password in the background and there is no notion of user session with password protected files. It's simply your browser who anticipates and send the known password instead of asking you for it on every page access.
_________________
Support Team
Aprelium - http://www.aprelium.com |
|
| Back to top |
 |
|
dogsiwoo
-
Joined: 23 Oct 2005
Posts: 4
|
| Posted: Sun Oct 23, 2005 1:50 pm Post subject: |
|
|
| Interesting...Is there a way to stop that? |
|
| Back to top |
|
|
aprelium
-
Joined: 22 Mar 2002
Posts: 6800
|
| Posted: Mon Oct 24, 2005 7:14 am Post subject: |
|
|
| dogsiwoo wrote: | | Interesting...Is there a way to stop that? |
Stop what exactly?
_________________
Support Team
Aprelium - http://www.aprelium.com |
|
| Back to top |
|
|
dogsiwoo
-
Joined: 23 Oct 2005
Posts: 4
|
| Posted: Mon Oct 24, 2005 10:59 am Post subject: |
|
|
| Thanks for the help guys. I fixed it using some password lock software. It allowed me to configure it so the cookie expires upon leaving the protected area. |
|
| Back to top |
|
|
MrNomer
-
Joined: 12 Apr 2003
Posts: 1
|
| Posted: Thu Oct 27, 2005 6:35 am Post subject: Re: Logout Button |
|
|
| aprelium wrote: | | dogsiwoo wrote: | | I have a page on my site where I need certain users to log in. I have set up the request for the logon box to pop up using the "Password Protected Virtual Paths" but need a button on the login accessed pages to allow the user to logout. I have tried just closing the browser (FF and IE) but this does not log me out. Is there a way to do this? I'm a complete code newbie btw. |
The first time you access a password protected page, the server sends an error code to the browser meaning that the page needs a password. So the browser displays the login/password dialog and resends a new request with the password in it.
When you access the page later, your browser will do things in a smart way. It will send the last known valid password that you've used to access this page with the request.
So actually, every request is validated with the password in the background and there is no notion of user session with password protected files. It's simply your browser who anticipates and send the known password instead of asking you for it on every page access. |
If I understand this... you're describing basic (or digest?) authentication, yes? Any plans to integrate a 'state management mechanism'? http://www.w3.org/Protocols/rfc2109/rfc2109
Is there a way to to clear authentication? i.e. can client / abyss be tricked by sending faulty uid / pwd?
(edited later... I tried loading http://faulty:faulty@domain.com after a successful login... no dice... it seems once a user is auth'd... he stays that authorized! Looks like I'll be coding Perl to change users.)
regards - Nomi |
|
| Back to top |
|
|
aprelium
-
Joined: 22 Mar 2002
Posts: 6800
|
| Posted: Thu Oct 27, 2005 3:48 pm Post subject: Re: Logout Button |
|
|
| MrNomer wrote: | If I understand this... you're describing basic (or digest?) authentication, yes? Any plans to integrate a 'state management mechanism'? http://www.w3.org/Protocols/rfc2109/rfc2109
Is there a way to to clear authentication? i.e. can client / abyss be tricked by sending faulty uid / pwd?
|
Abyss Web Server uses now Basic authentication in its integrated password protection. You can use cookies in scripts but the integrated password protection does not use it.
With basic authentication, each request is authenticated so there is no way to trick it.
| MrNomer wrote: | | (edited later... I tried loading http://faulty:faulty@domain.com after a successful login... no dice... it seems once a user is auth'd... he stays that authorized! Looks like I'll be coding Perl to change users.) |
New versions of IE no more support embedding login/password in the URL. See http://support.microsoft.com/kb/834489 for detailed information.
_________________
Support Team
Aprelium - http://www.aprelium.com |
|
| Back to top |
|
|
|
