[KLUG Members] Apache authentication

Adam Tauno Williams adam at morrison-ind.com
Wed May 25 08:41:52 EDT 2005


> would the .htaccess method allow users to logout after a session?

No, at least not directly.

> What would need to be added to give that functionality?

There are a couple of ways to trick the browser into logging out.

http://www.ssi-developer.net/htaccess/htaccess_logout.shtml


Or a cut-n-paste from my notes (cut-n-pasted from elsewhere no doubt):

To force a logout, create a /logout folder with a different
user/password setup. The logout link would be:
http://logout:logout@www.yoursite.c...out/logout.html
logout.html just does an http-redirect with value 0 back to the main
site.
Since a browser can only hold one authentication, it effectively changes
the user to logout:logout which is not a valid user for the rest of the
site. Then if the user tries to go to the protected area, they get a
browser login box because the browser thinks they are logout:logout which
is not valid for the protected area.
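
The setup described in the notes above, written out as a shell function. This is an added example, not part of the original post: the paths, the realm name and the main-site URL are assumptions, as is reusing the protected area's realm name for /logout so that the browser overwrites the credentials it has cached for that realm.

```sh
#!/bin/sh
# Added example: builds the /logout area described in the post.
# All names (paths, realm, the logout:logout account) are illustrative.
# .htaccess auth directives only take effect where the server config
# allows them (AllowOverride AuthConfig).

# Usage: make_logout_area DOCROOT HTPASSWD_FILE REALM MAIN_URL
make_logout_area() {
    docroot=$1; pwfile=$2; realm=$3; main_url=$4
    mkdir -p "$docroot/logout" || return 1

    # /logout gets its own password file holding only the dummy account.
    # That account must NOT appear in the password file used by the rest
    # of the site, otherwise "logging out" just switches to a valid user.
    cat > "$docroot/logout/.htaccess" <<EOF
AuthType Basic
AuthName "$realm"
AuthUserFile "$pwfile"
Require user logout
EOF

    # logout.html: refresh with value 0 straight back to the main site.
    cat > "$docroot/logout/logout.html" <<EOF
<html>
<head>
<meta http-equiv="refresh" content="0; url=$main_url">
<title>Logged out</title>
</head>
<body><a href="$main_url">Continue</a></body>
</html>
EOF

    # Create the dummy account if Apache's htpasswd tool is installed.
    if command -v htpasswd >/dev/null 2>&1; then
        htpasswd -b -c "$pwfile" logout logout >/dev/null 2>&1 || return 1
    else
        echo "htpasswd not found: create $pwfile with user 'logout' by hand" >&2
    fi
}
```

Keep the password file outside the document root so it cannot be fetched over HTTP.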