Howto logout from basic HTTP Authentication

Thiago Macieira thiago at kde.org
Fri Dec 25 13:09:51 GMT 2009


On Thursday 24 December 2009, at 20:40:46, David Faure wrote:
> On Sunday 29 November 2009, Matthias Meyer wrote:
> > How does the solution work for Mozilla/Firefox?
> > The User "logout" is not within my /etc/backuppc/htpasswd. Therefore
> >  Mozilla will get a 401 and the browser will ask for username/password if
> >  the page will be accessed again.
> 
> This sounds strange; why should the unauthorized ".logout_mozilla" file
>  make the browser forget the authorization for the current page?
> 
> The website says "xmlhttp.abort() aborts the sending request, but the
>  browser did not get the response. Thus, keeps wrong credentials on cache
> window.redirect". Sounds very fragile and implementation dependent to me...
> As far as I can see in kio_http, it only saves successful credentials, not
> non-working ones, which, well, seems quite sensible in general ;-)
> 
> > Unfortunately that does not work for Mozilla/Konqueror.
> > Any hint how to get Konqueror to forget its credentials?
> 
> I can't think of a way with the current code. It says that only expiry or
> closing the window (or a DBUS call, not available to webpages) can lead to
>  an authentication being removed from kpasswdserver. Ah, well, your trick
>  is to add a wrong auth, not to remove the auth, but still
> 
> Maybe this is something that should be added to a W3C standard? Rigo? ;)

Everywhere I know, logging out involves sending one 401 to the browser when it 
requests the page with the credentials that we want to expire. If konqueror 
only caches successful authentications, making the one it's using non-
successful should make it forget.

I noticed that KGet with kio_http doesn't do that. It was doing a storm of 
requests to a webserver that was replying with 401. Instead of asking me the 
password again, it just kept sending the same expired credentials.

(Or was it a 403? It was doing a storm of requests)

-- 
Thiago Macieira - thiago (AT) macieira.info - thiago (AT) kde.org
  Senior Product Manager - Nokia, Qt Development Frameworks
      PGP/GPG: 0x6EF45358; fingerprint:
      E067 918B B660 DBD1 105C  966C 33F5 F005 6EF4 5358
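
A model of the behaviour discussed in this message, as an added example that is not part of the original post or of kio_http: a server whose logout URL answers 401 even to valid credentials, and a client that caches only credentials that worked, evicts them on a 401, and asks the user again instead of re-sending them. The `/logout` path, the realm, the account and all function and class names are assumptions made for illustration.

```python
import base64
import hmac

REALM = "BackupPC"              # assumed realm name
USERS = {"alice": "s3cret"}     # constructed account, not from the thread

def basic(user, password):
    """Build the value of an Authorization header for Basic auth."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()

def parse_basic(header):
    """Return (user, password), or None if the header is absent or malformed."""
    if not header or not header.startswith("Basic "):
        return None
    try:
        user, _, pw = base64.b64decode(header[6:], validate=True).decode().partition(":")
    except ValueError:          # covers bad base64 and bad UTF-8
        return None
    return user, pw

def server(path, authorization=None):
    """Return (status, headers); /logout answers 401 even to valid credentials."""
    creds = parse_basic(authorization)
    expected = USERS.get(creds[0]) if creds else None
    ok = expected is not None and hmac.compare_digest(expected.encode(), creds[1].encode())
    if ok and path != "/logout":
        return 200, {}
    return 401, {"WWW-Authenticate": f'Basic realm="{REALM}"'}

class Client:
    """Caches only credentials that succeeded; a single 401 evicts them."""
    def __init__(self, prompt):
        self.prompt = prompt    # callable: returns (user, password) or None on cancel
        self.cached = None
        self.sent = 0           # number of requests put on the wire

    def get(self, path, max_prompts=1):
        header = self.cached
        for attempt in range(max_prompts + 1):
            self.sent += 1
            status, _ = server(path, header)
            if status != 401:
                self.cached = header    # remember only what worked
                return status
            self.cached = None          # the 401 expires whatever was sent
            creds = self.prompt() if attempt < max_prompts else None
            if creds is None:           # cancelled or out of prompts: stop, no storm
                return 401
            header = basic(*creds)
        return 401
```

The request count is bounded by `max_prompts + 1` per call, so rejected credentials are never replayed in a loop.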