How to log out user from web site using BASIC authentication?

后端 未结 22 1460
感情败类
感情败类 2020-11-22 04:00

Is it possible to log out user from a web site if he is using basic authentication?

Killing session is not enough, since, once user is authenticated, each request co

相关标签:
22条回答
  • 2020-11-22 04:42

    The following function is confirmed working for Firefox 40, Chrome 44, Opera 31 and IE 11.
    Bowser is used for browser detection, jQuery is also used.

    - secUrl is the url to a password protected area from which to log out.
    - redirUrl is the url to a non password protected area (logout success page).
    - you might wish to increase the redirect timer (currently 200ms).

    function logout(secUrl, redirUrl) {
        if (bowser.msie) {
            document.execCommand('ClearAuthenticationCache', 'false');
        } else if (bowser.gecko) {
            $.ajax({
                async: false,
                url: secUrl,
                type: 'GET',
                username: 'logout'
            });
        } else if (bowser.webkit) {
            var xmlhttp = new XMLHttpRequest();
            xmlhttp.open("GET", secUrl, true);
            xmlhttp.setRequestHeader("Authorization", "Basic logout");
            xmlhttp.send();
        } else {
            alert("Logging out automatically is unsupported for " + bowser.name
                + "\nYou must close the browser to log out.");
        }
        setTimeout(function () {
            window.location.href = redirUrl;
        }, 200);
    }

    0 讨论(0)
  • 2020-11-22 04:42
        function logout(secUrl, redirUrl) {
            if (bowser.msie) {
                document.execCommand('ClearAuthenticationCache', 'false');
            } else if (bowser.gecko) {
                $.ajax({
                    async: false,
                    url: secUrl,
                    type: 'GET',
                    username: 'logout'
                });
            } else if (bowser.webkit) {
                var xmlhttp = new XMLHttpRequest();
                xmlhttp.open("GET", secUrl, true);
                xmlhttp.setRequestHeader("Authorization", "Basic logout");
                xmlhttp.send();
            } else {
                alert("Logging out automatically is unsupported for " + bowser.name
                    + "\nYou must close the browser to log out.");
            }
            setTimeout(function () {
                window.location.href = redirUrl;
            }, 200);
        }
    0 讨论(0)
  • 2020-11-22 04:45

    This isn't directly possible with Basic-Authentication.

    There's no mechanism in the HTTP specification for the server to tell the browser to stop sending the credentials that the user already presented.

    There are "hacks" (see other answers) typically involving using XMLHttpRequest to send an HTTP request with incorrect credentials to overwrite the ones originally supplied.

    0 讨论(0)
  • 2020-11-22 04:46

    This is working for IE/Netscape/Chrome :

          function ClearAuthentication(LogOffPage) 
      {
         var IsInternetExplorer = false;    
    
         try
         {
             var agt=navigator.userAgent.toLowerCase();
             if (agt.indexOf("msie") != -1) { IsInternetExplorer = true; }
         }
         catch(e)
         {
             IsInternetExplorer = false;    
         };
    
         if (IsInternetExplorer) 
         {
            // Logoff Internet Explorer
            document.execCommand("ClearAuthenticationCache");
            window.location = LogOffPage;
         }
         else 
         {
            // Logoff every other browsers
        $.ajax({
             username: 'unknown',
             password: 'WrongPassword',
                 url: './cgi-bin/PrimoCgi',
             type: 'GET',
             beforeSend: function(xhr)
                     {
                xhr.setRequestHeader("Authorization", "Basic AAAAAAAAAAAAAAAAAAA=");
             },
    
                     error: function(err)
                     {
                        window.location = LogOffPage;
                 }
        });
         }
      }
    
    
      $(document).ready(function () 
      {
          $('#Btn1').click(function () 
          {
             // Call Clear Authentication 
             ClearAuthentication("force_logout.html"); 
          });
      });          
    
    0 讨论(0)
  • 2020-11-22 04:47

    An addition to the answer by bobince ...

    With Ajax you can have your 'Logout' link/button wired to a Javascript function. Have this function send the XMLHttpRequest with a bad username and password. This should get back a 401. Then set document.location back to the pre-login page. This way, the user will never see the extra login dialog during logout, nor have to remember to put in bad credentials.

    0 讨论(0)
  • 2020-11-22 04:48
     function logout(url){
        var str = url.replace("http://", "http://" + new Date().getTime() + "@");
        var xmlhttp;
        if (window.XMLHttpRequest) xmlhttp=new XMLHttpRequest();
        else xmlhttp=new ActiveXObject("Microsoft.XMLHTTP");
        xmlhttp.onreadystatechange=function()
        {
            if (xmlhttp.readyState==4) location.reload();
        }
        xmlhttp.open("GET",str,true);
        xmlhttp.setRequestHeader("Authorization","Basic xxxxxxxxxx")
        xmlhttp.send();
        return false;
    }
    
    0 讨论(0)
提交回复
热议问题