Koozali.org formerly Contribs.org

Logout from an password protected ibay!?

Offline Rudi

Logout from an password protected ibay!?
« on: March 13, 2020, 11:22:25 AM »
I am using the Password protection for entering an ibay via https.
So i can now login with the ibay name and a password.

BUT: How can i or another user loggout from the ibay?
Is there a script that i can put into my Website to trigger the Logout?
 

Thanks in advance for any usefull answer :-)

Offline mmccarn

  • *
  • 2,557
Re: Logout from an password protected ibay!?
« Reply #1 on: March 13, 2020, 11:53:53 AM »
I found this (somewhat depressing) answer in stackoverflow, indicating that the "basic auth" used by ibays does not include any logout function:
https://stackoverflow.com/questions/1163868/how-to-logout-when-using-htaccess-and-htpasswd-authentication

The problem is that the user credentials are cached by the remote browser, and there is no way for the server to force those cached credentials to timeout or to invalidate them.

They suggest creating a 'logout' button that links specifically back to the same ibay with a bad username included in the URL, eg: https://logout@my.smeserver.tld/ibayname.


Offline Rudi

Re: Logout from an password protected ibay!?
« Reply #2 on: March 13, 2020, 12:02:29 PM »
They suggest creating a 'logout' button that links specifically back to the same ibay with a bad username included in the URL, eg: https://logout@my.smeserver.tld/ibayname.

You are the master! You just ended serveral hours of desperate searching!
Thanks.
This actually works great!

Offline ReetP

  • *
  • 2,793
Re: Logout from an password protected ibay!?
« Reply #3 on: March 13, 2020, 02:53:46 PM »
I had some stuff recently for a form I wanted a 'once only' usage.

It is quite hard.

Setting some Session cookies is one way, preventing using a back button as well like this which forces a reload rather than back I think:

A few snippets from the file might give you some ideas of where else to look (I haven't got the original links)


Code: [Select]
    header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
    header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
    header("Cache-Control: no-store, no-cache, must-revalidate");
    header("Cache-Control: post-check=0, pre-check=0", false);
    header("Pragma: no-cache");

    header('Location: index.php'); //to redirect to another page or back to itself

Code: [Select]
<script type="text/javascript">
    if (window.performance && window.performance.navigation.type == window.performance.navigation.TYPE_BACK_FORWARD) {
        location.reload();
    }
</script>

Code: [Select]
$cookie_value = "visited";
setcookie($cookie_name, $cookie_value, time() + (86400 * 30), "/"); // 86400 = 1 day

if(!isset($_COOKIE[$cookie_name])) {
//    echo "Cookie named '" . $cookie_name . "' is not set!";
    if (!isset ($_SESSION['formToken']) || $_POST['formToken'] !== $_SESSION['formToken'] ) {
       $_SESSION['formToken'] = $_POST['formToken'];
      /*continue form processing */
}


...
1. Read the Manual
2. Read the Wiki
3. Don't ask for support on Unsupported versions of software
4. I have a job, wife, and kids and do this in my spare time. If you want something fixed, please help.

Bugs are easier than you think: http://wiki.contribs.org/Bugzilla_Help

If you love SME and don't want to lose it, join in: http://wiki.contribs.org/Koozali_Foundation