StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

POLogging a user out when using HTTP Basic authentication
primarykey
Id
6277919
data
AcceptedAnswerId
0
AnswerCount
1
ClosedDate
CommentCount
7
CommunityOwnedDate
CreationDate
2011-06-08T11:18:48.273
FavoriteCount
11
LastActivityDate
2016-03-02T15:48:04.307
LastEditDate
2017-05-23T11:48:43.450
LastEditorUserId
-1
OwnerUserId
905
ParentId
0
PostTypeId
1
Score
22
ViewCount
20784
LastEditorDisplayName
text
Body
I want users to be able to log in via HTTP Basic authentication modes. The problem is that I also want them to be able to log out again - weirdly browsers just don't seem to support that. This is considered to be a social-hacking risk - user leaves their machine unlocked and their browser open and someone else can easily visit the site as them. Note that just closing the browser-tab is not enough to reset the token, so it could be an easy thing for users to miss. So I've come up with a workaround, but it's a total cludge: 1) Redirect them to a Logoff page 2) On that page fire a script to ajax load another page with dummy credentials: <pre><code>$j.ajax({ url: '<%:Url.Action("LogOff401", new { id = random })%>', type: 'POST', username: '<%:random%>', password: '<%:random%>', success: function () { alert('logged off'); } }); </code></pre> 3) That should always return 401 the first time (to force the new credentials to be passed) and then only accept the dummy credentials: <pre><code>[AcceptVerbs(HttpVerbs.Post)] public ActionResult LogOff401(string id) { // if we've been passed HTTP authorisation string httpAuth = this.Request.Headers["Authorization"]; if (!string.IsNullOrEmpty(httpAuth) && httpAuth.StartsWith("basic", StringComparison.OrdinalIgnoreCase)) { // build the string we expect - don't allow regular users to pass byte[] enc = Encoding.UTF8.GetBytes(id + ':' + id); string expected = "basic " + Convert.ToBase64String(enc); if (string.Equals(httpAuth, expected, StringComparison.OrdinalIgnoreCase)) { return Content("You are logged out."); } } // return a request for an HTTP basic auth token, this will cause XmlHttp to pass the new header this.Response.StatusCode = 401; this.Response.StatusDescription = "Unauthorized"; this.Response.AppendHeader("WWW-Authenticate", "basic realm=\"My Realm\""); return Content("Force AJAX component to sent header"); } </code></pre> 4) Now the random string credentials have been accepted and cached by the browser instead. When they visit another page it will try to use them, fail, and then prompt for the right ones. Note that my code examples are using jQuery and ASP.Net MVC, but the same thing should be possible with any technology stack. There's another way to do this in IE6 and above: <pre><code>document.execCommand("ClearAuthenticationCache"); </code></pre> However that clears all authentication - they log out of my site and they're logged out of their e-mail too. So that's out. Is there any better way to do this? I've seen <a href="https://stackoverflow.com/questions/31326">other</a> <a href="https://stackoverflow.com/questions/233507">questions</a> on this, but they're 2 years old - is there any better way now in IE9, FX4, Chrome etc? If there is no better way to do this can this cludge be relied upon? Is there any way to make it more robust?
Tags
<logout><http-basic-authentication><www-authenticate>
Title
Logging a user out when using HTTP Basic authentication
singulars
PostAcceptedAnswerId
1. This table or related slice is empty.
PostParentId
1. This table or related slice is empty.
PostTypePostTypeId
1. PTQuestion
UserLastEditorUserId
1. USCommunity
UserOwnerUserId
1. USKeith
plurals
PostLinksPostIdRelatedPostId
1. PL
 singulars
 LinkTypeLinkTypeId
 LTLinked
2. PL
 singulars
 LinkTypeLinkTypeId
 LTLinked
PostLinksRelatedPostIdPostId
1. PL
 singulars
 LinkTypeLinkTypeId
 LTLinked
2. PL
 singulars
 LinkTypeLinkTypeId
 LTLinked
3. PL
 singulars
 LinkTypeLinkTypeId
 LTLinked
PostsAcceptedAnswerId
1. This table or related slice is empty.
PostsParentIdCreationDate
1. This table or related slice is empty.
VotesPostIdCreationDate
1. VO
 singulars
 PostPostId
 POLogging a user out when using HTTP Basic authentication
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
2. VO
 singulars
 PostPostId
 POLogging a user out when using HTTP Basic authentication
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
3. VO
 singulars
 PostPostId
 POLogging a user out when using HTTP Basic authentication
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
CommentsPostId
1. This table or related slice is empty.

Querying!

Guidance

A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.