Log-out of secure area script

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
Our website hosting company set up a secure directory for a link from our
website. When anyone clicks on the link they are prompted for a username and
password. It works well but the only way to log-out stopping the next person
using a machine to have access is to close down the browser window.

Unfortunately our webhosting company tells me they do not provide any
scripts for logging-out. They have no objection to us uploading one.

I am not an expert at this sort of thing and I have no idea how to do it.

Any suggestions would be welcome.


Re: Log-out of secure area script


Noel S Pamfree wrote:

Quoted text here. Click to load it

It's not completely clear, how your login works. It could (a) be HTTP
authentication or (b) some custom implementation involving a HTTP form and

In case (b) you basicly have to clear the session data (a simple file or a
row in a database) on the server.

In case (a) there simply is no standartized way to 'logout'. HTTP is
stateless, so there is no concept of a user session and no logging in or
out. With HTTP authentication the browser has to send the user credentials
(login/password) with every request. Browser just ask for the credentials
once and (as long as they are accepted by the server) reuse them.
So 'logging out' is essential telling the browser to forget the
credentials. How this can be done is browser dependent. Closing the browser
works in all browsers I know of. For FireFox there is an extension that
lets you clear the stored crendentials. Other browsers may have similar
tools, but there is no way for the server to trigger this action.

And: closing the browser window, is the least thing one has to do, after
using a shared computer to access private/protected data.


Benjamin Niemann
Email: pink at odahoda dot de
WWW: http://pink.odahoda.de /

Site Timeline