Welcome to WebmasterWorld Guest from 107.21.163.40

Forum Moderators: coopster & jatar k & phranque

Message Too Old, No Replies

.htaccess logout works

Apache login logout way to do it

     

FrankReinecke

8:11 pm on Jul 22, 2003 (gmt 0)

Inactive Member
Account Expired

 
 


Hi There!

Some time ago there were some questions about how to realize a logout from realms protected by .htaccess files without having to close the browser and empty all cached files (which most users don't do, even if they sould!).

Here's what I found out:

[I have read this one elsewhere and used it]

1. Create another realm which is protected by .htaccess
2. Create .htpasswd-file for it
3. Create a "dummy" user, mine is "logout:logout"

Now put a file into that directory that sends html-standard-code 401 Unauthorized! I do it using perl/cgi like this:


--- perl code ---

use CGI qw/:standard/;
print header(-status=>'401 Unauthorized');

--- end of code ---

Now you only have to create a link point to that file:


<a href="logout:logout@url://../logout.cgi">LOGOUT!</a>

.. and BANG it works!

You can even keep the browser running, the browser will even have some of the protected pages in cache, but every new "reload" causes a new authorization procedure!

I use this to protect an cgi-application that often changes values and is reloaded several times for this purpose (calls itself with changed input-field-values). For this kind of content it works perfectly!

Hope someone find's this helpful, I was puzzling a whole night to find that out - and it's soooo easy, once you know how it's done!

Anyway...

e-mail replies:

[edited by: jatar_k at 4:17 pm (utc) on July 23, 2003]
[edit reason] email in profile thanks [/edit]

9:31 pm on July 22, 2003 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:July 6, 2000
posts:904
votes: 0


Frank - thanks for that, looks like a good tip. It'll certainly come in handy when testing applications that rely on htaccess authorisation, when you want to 'be' multiple users...

Oh, and welcome to WebmasterWorld ;)

1:59 am on July 23, 2003 (gmt 0)

Junior Member

10+ Year Member

joined:May 3, 2003
posts:159
votes: 0


This is definitely a useful technique, but doing it without external scripts, by sending a 401 response using mod_rewrite, would be even more elegant.

Is anyone doing this already?