Koozali.org: home of the SME Server

Obsolete Releases => SME Server 9.x => Topic started by: Rudi on March 13, 2020, 11:22:25 AM

Title: Logout from a password-protected ibay!?
Post by: Rudi on March 13, 2020, 11:22:25 AM
I am using the password protection for entering an ibay via https.
So I can now log in with the ibay name and a password.

BUT: How can I or another user log out from the ibay?
Is there a script that I can put into my website to trigger the logout?

Thanks in advance for any useful answer :-)

Title: Re: Logout from a password-protected ibay!?
Post by: mmccarn on March 13, 2020, 11:53:53 AM
I found this (somewhat depressing) answer on Stack Overflow, indicating that the "basic auth" used by ibays does not include any logout function:
https://stackoverflow.com/questions/1163868/how-to-logout-when-using-htaccess-and-htpasswd-authentication

The problem is that the user credentials are cached by the remote browser, and there is no way for the server to force those cached credentials to time out or to invalidate them.

They suggest creating a 'logout' button that links specifically back to the same ibay with a bad username included in the URL, eg: https://logout@my.smeserver.tld/ibayname.
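
The logout link suggested in the post above, as an added example that is not part of the original thread: a script that derives the link from whatever page inside the ibay the user is on. The function name `ibayLogoutUrl`, the `logout` user name and the `logout` button id are assumptions, and the first path segment is taken to be the ibay name, as in the URL quoted above.

```javascript
// Added example: build the "bad username" logout link for a Basic-auth ibay.
// ibayLogoutUrl, the "logout" user and the #logout element id are assumptions.

function ibayLogoutUrl(pageUrl, bogusUser = 'logout') {
  const u = new URL(pageUrl);
  if (u.protocol !== 'https:') {
    // Basic auth resends the password with every request; only handle https ibays.
    throw new Error('refusing non-https URL: ' + u.protocol);
  }
  if (!bogusUser) throw new Error('bogus user name must not be empty');

  // First path segment is the ibay name: /ibayname/docs/a.html -> ibayname
  const ibay = u.pathname.split('/').filter(Boolean)[0];
  if (!ibay) throw new Error('URL has no ibay path segment');

  // Rebuild from the origin so real credentials, query and fragment are dropped.
  const out = new URL('/' + ibay, u.origin);
  out.username = bogusUser; // the setter percent-encodes reserved characters
  out.password = '';
  return out.href;
}

// Browser wiring; skipped when the file is run outside a browser (e.g. Node).
if (typeof document !== 'undefined') {
  const button = document.getElementById('logout');
  if (button) {
    button.addEventListener('click', () => {
      window.location.href = ibayLogoutUrl(window.location.href);
    });
  }
}
```

Browsers differ in how they treat credentials embedded in a URL, so check the link in each browser your users run.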

Title: Re: Logout from a password-protected ibay!?
Post by: Rudi on March 13, 2020, 12:02:29 PM
They suggest creating a 'logout' button that links specifically back to the same ibay with a bad username included in the URL, eg: https://logout@my.smeserver.tld/ibayname.

You are the master! You just ended several hours of desperate searching!
Thanks.
This actually works great!

Title: Re: Logout from a password-protected ibay!?
Post by: ReetP on March 13, 2020, 02:53:46 PM
I had some stuff recently for a form where I wanted 'once only' usage.

It is quite hard.

Setting some session cookies is one way, and preventing use of the back button as well, like this, which forces a reload rather than going back, I think:

A few snippets from the file might give you some ideas of where else to look (I haven't got the original links).

Code:
    // Tell the browser and any proxy not to cache this page
    header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); // a date in the past
    header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
    header("Cache-Control: no-store, no-cache, must-revalidate");
    header("Cache-Control: post-check=0, pre-check=0", false); // false = add, do not replace
    header("Pragma: no-cache");

    header('Location: index.php'); // redirect to another page or back to itself
    exit; // stop here so nothing else runs after the redirect

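Code:
<script type="text/javascript">
    // If the page was reached with the Back/Forward buttons, reload it from the server.
    // performance.navigation is deprecated; newer browsers report the same thing as
    // performance.getEntriesByType('navigation')[0].type === 'back_forward'.
    if (window.performance && window.performance.navigation.type == window.performance.navigation.TYPE_BACK_FORWARD) {
        location.reload();
    }
</script>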

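Code:
session_start(); // $_SESSION is used below
$cookie_name = "form_visited"; // not shown in the original snippet; placeholder name
$cookie_value = "visited";
setcookie($cookie_name, $cookie_value, time() + (86400 * 30), "/"); // 86400 = 1 day, so 30 days

if (!isset($_COOKIE[$cookie_name])) {
    // The cookie was not sent with this request, so this is a first visit
    $postedToken = isset($_POST['formToken']) ? $_POST['formToken'] : '';
    if (!isset($_SESSION['formToken']) || $postedToken !== $_SESSION['formToken']) {
        // Remember this token so the same submission is not processed twice
        $_SESSION['formToken'] = $postedToken;
        /* continue form processing */
    }
}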