[ale] OT: How to serve a clean web logout?
James Sumners
james.sumners at gmail.com
Tue Jan 30 10:40:20 EST 2007
Usually you mark them as logged out in the session or just plain
delete the session. Your login script should be checking to see if
their session time has expired (if it does), if they are currently
logged in, and if they even have a session at all.
On 1/30/07, John Mills <johnmills at speakeasy.net> wrote:
> ALErs -
>
> I'm working on a web server tool that logs users in for https sessions,
> but is rather clumsy when they log out. The present 'logout' button sets
> itself up as a bogus UN/PW, then tosses a javascript fragment to
> 'document.execCommand(\"ClearAuthenticationCache\");'. This leaves the
> user stuck with the ususable UN/PW and openSSL doesn't prompt with a new
> login panel.
>
> If you stop your brower, start it again, and open the site, the login is
> smooth.
>
> I would like to have a simple, clean 'https' login/logout combination
> that would work with Mozilla, Firefox, Netscape, and - yes - even IE.
>
> TIA for any web-monkey's solutions.
>
> - John Mills
--
James Sumners
http://james.roomfullofmirrors.com/
"All governments suffer a recurring problem: Power attracts
pathological personalities. It is not that power corrupts but that it
is magnetic to the corruptible. Such people have a tendency to become
drunk on violence, a condition to which they are quickly addicted."
Missionaria Protectiva, Text QIV (decto)
CH:D 59
More information about the Ale
mailing list