Howto logout from basic HTTP Authentication
David Faure
faure at kde.org
Thu Dec 24 22:40:46 GMT 2009
On Sunday 29 November 2009, Matthias Meyer wrote:
> How the solution work for Mozilla/Firefox?
> The User "logout" is not within my /etc/backuppc/htpasswd. Therefore
> Mozilla will get a 401 and the browser will ask for username/password if
> the page will be accessed again.
This sounds strange; why should the unauthorized ".logout_mozilla" file make
the browser forget the authorization for the current page?
The website says "xmlhttp.abort() aborts the sending request, but the browser
did not get the response. Thus, keeps wrong credentials on cache
window.redirect". Sounds very fragile and implementation dependent to me...
As far as I can see in kio_http, it only saves successful credentials, not
non-working ones, which, well, seems quite sensible in general ;-)
> Unfortunately that do not work for Mozilla/Konqueror.
> Any hint how to get Konqueror to forgot his credentials?
I can't think of a way with the current code. It says that only expiry or
closing the window (or a DBUS call, not available to webpages) can lead to an
authentication being removed from kpasswdserver. Ah, well, your trick is to
add a wrong auth, not to remove the auth, but still
Maybe this is something that should be added to a W3C standard? Rigo? ;)
--
David Faure, faure at kde.org, http://www.davidfaure.fr
Sponsored by Nokia to work on KDE, incl. Konqueror (http://www.konqueror.org).
More information about the kfm-devel
mailing list