Welcome to WebmasterWorld Guest from 54.159.44.227

Forum Moderators: coopster & jatar k & phranque

Message Too Old, No Replies

.htaccess logout works

Apache login logout way to do it

     

FrankReinecke

8:11 pm on Jul 22, 2003 (gmt 0)



Hi There!

Some time ago there were some questions about how to realize a logout from realms protected by .htaccess files without having to close the browser and empty all cached files (which most users don't do, even if they sould!).

Here's what I found out:

[I have read this one elsewhere and used it]

1. Create another realm which is protected by .htaccess
2. Create .htpasswd-file for it
3. Create a "dummy" user, mine is "logout:logout"

Now put a file into that directory that sends html-standard-code 401 Unauthorized! I do it using perl/cgi like this:


--- perl code ---

use CGI qw/:standard/;
print header(-status=>'401 Unauthorized');

--- end of code ---

Now you only have to create a link point to that file:


<a href="logout:logout@url://../logout.cgi">LOGOUT!</a>

.. and BANG it works!

You can even keep the browser running, the browser will even have some of the protected pages in cache, but every new "reload" causes a new authorization procedure!

I use this to protect an cgi-application that often changes values and is reloaded several times for this purpose (calls itself with changed input-field-values). For this kind of content it works perfectly!

Hope someone find's this helpful, I was puzzling a whole night to find that out - and it's soooo easy, once you know how it's done!

Anyway...

e-mail replies:

[edited by: jatar_k at 4:17 pm (utc) on July 23, 2003]
[edit reason] email in profile thanks [/edit]

sugarkane

9:31 pm on Jul 22, 2003 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Frank - thanks for that, looks like a good tip. It'll certainly come in handy when testing applications that rely on htaccess authorisation, when you want to 'be' multiple users...

Oh, and welcome to WebmasterWorld ;)

Storyteller

1:59 am on Jul 23, 2003 (gmt 0)

10+ Year Member



This is definitely a useful technique, but doing it without external scripts, by sending a 401 response using mod_rewrite, would be even more elegant.

Is anyone doing this already?

 

Featured Threads

Hot Threads This Week

Hot Threads This Month