Apologies if this is not quite the correct ng to be asking this
question and sorry to be so vague in what I'm asking, but can anyone
give me any pointers to implementing a logout button from a secure web
site. Ie I want to supply a means to users of our staff extranet so
that their sessions may be closed securely at will. They login with a
user name and password and then they can end the session so that the
browser returns to a page outside of the secure area of the extranet
and the password is removed from their cache.
TIA
4  3337 
gary thomson wrote: Apologies if this is not quite the correct ng to be asking this
question and sorry to be so vague in what I'm asking, but can anyone
give me any pointers to implementing a logout button from a secure web
site. Ie I want to supply a means to users of our staff extranet so
that their sessions may be closed securely at will. They login with a
user name and password and then they can end the session so that the
browser returns to a page outside of the secure area of the extranet
and the password is removed from their cache.
A session ties various stateless HTTP requests by sharing some data across
these requests. This is done preferably on the server side using session
variables in PHP, ASP or whatever. These session variables are saved
somewhere, eg. in a file. When someone logs out the store with the session
variables simply has to be deleted. How this is done depends on the
technology used. Therefore it might be better to ask in a PHP, ASP or
whatever group.
HTH,
Boris
On Mon, 7 Jun 2004, Boris wrote: A session ties various stateless HTTP requests by sharing some data across
these requests.
Right (though I'm not sure what this is doing in a specifically "HTML"
authoring group).
This is done preferably on the server side
Eh? HTTP itself is stateless: maintainence of state *has* to be a
co-operative process in which the "sharing" takes place between
both sides of the conversation. I.e passing some kind of unique token
to and fro between server and client.
using session variables in PHP, ASP or whatever.
I agree with the "or whatever". Although the implementation details
may vary, they are all based in the same underlying principles.
By the way, don't confuse this kind of thing with the "basic
authentication" mechanism of HTTP. Basic authentication doesn't
involve maintenance of state: the browser gets to learn, via the
exchange of 401 status, which basic credentials are appropriate for
accessing different parts of a site, and will then continue to supply
them auomatically, without any exchange of status information with the
server. Normally, that's done with credentials which remain stable
for long periods, and there's no particular defined mechanism for the
server to tell the client that it should forget a particular set of
credentials: that's something between the user and their browser.
This mechanism can be adapted by having the server report that the
credentials are no longer valid. But it's not a particularly robust
way of managing time-limited sessions, IMHO.
These session variables are saved somewhere, eg. in a file. When
someone logs out the store with the session variables simply has to
be deleted. How this is done depends on the technology used.
Therefore it might be better to ask in a PHP, ASP or whatever group.
Agreed; but the underlying principles (of passing a token to and fro
between client and server) are the same no matter how they're
implemented in detail on the server side.
Alan J. Flavell wrote: On Mon, 7 Jun 2004, Boris wrote:
A session ties various stateless HTTP requests by sharing some data
across these requests.
Right (though I'm not sure what this is doing in a specifically "HTML"
authoring group).
This is done preferably on the server side
Eh? HTTP itself is stateless: maintainence of state *has* to be a
co-operative process in which the "sharing" takes place between
both sides of the conversation. I.e passing some kind of unique token
to and fro between server and client.
Yes. I only stressed server side as the OP said something with "password is
removed from their cache" (which sounded to me like a store on users'
machines).
Boris
[...]
On Mon, 7 Jun 2004, Boris wrote: Alan J. Flavell wrote: On Mon, 7 Jun 2004, Boris wrote:
This is done preferably on the server side
Eh? HTTP itself is stateless: maintainence of state *has* to be a
co-operative process in which the "sharing" takes place between
both sides of the conversation. I.e passing some kind of unique token
to and fro between server and client.
Yes. I only stressed server side as the OP said something with "password is
removed from their cache" (which sounded to me like a store on users'
machines).
I see, thanks! If I misinterpreted what you were saying, then
please accept my apology. This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics
by: konsu |
last post by:
hello,
i need to implement a secure web site in php and mysql but i have just
started looking at php a few days ago, and i would appreciate any advice
from the experts.
the site, as i said,...
|
by: Barry Margolin |
last post by:
Can I do the following with Javascript?
My state has a web site that can be used for online filing for
unemployment benefits. Every week I have to go to the site and fill in
a form, checking...
|
by: crescent_au |
last post by:
Hi all,
I've written a login/logout code. It does what it's supposed to do but
the problem is when I logout and press browser's back button (in
Firefox), I get to the last login page. In IE,...
|
by: shrik |
last post by:
hi everybody.
I have following problem.
There are two pages. index.jsp and main.jsp in my application
Index.jsp contains logging interface in .
It submits password and userid to loginform bean.
...
|
by: camilin87 |
last post by:
hello.
I'm building a site using php I have a setup.php page wich has at the
begining session_start();
and every single page from my site includes setup.php. When a user
registers I save in...
|
by: Kandiman |
last post by:
Hiya, i made a asp page, and one of my divs (as a include) is as below. the problem is if the main page is resubmitted, i get logged out again?...
heres the code.. i think its on the value=true...
|
by: Adrock952 |
last post by:
I have a link on my site which obviously says "Login" where users log in.
I would like that link to be changed to "Logout" when the user has successfully logged in and the session has been created...
|
by: DavidPr |
last post by:
When I logout as one user and log in under a different user, it opens with the last user's information.
User 1 - Unsername: Davey Jones
User 2 - Unsername: David Smith
I log out from Davey...
|
by: phpmagesh |
last post by:
Hi to all,
I have created a page with login and logout. i used session to register the login user and when he clicks in logout, it will destroy the session.
this is nice but if system is...
|
by: taylorcarr |
last post by:
A Canon printer is a smart device known for being advanced, efficient, and reliable. It is designed for home, office, and hybrid workspace use and can also be used for a variety of purposes. However,...
|
by: Charles Arthur |
last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
|
by: aa123db |
last post by:
Variable and constants
Use var or let for variables and const fror constants.
Var foo ='bar';
Let foo ='bar';const baz ='bar';
Functions
function $name$ ($parameters$) {
}
...
|
by: ryjfgjl |
last post by:
In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...
|
by: emmanuelkatto |
last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud.
Please let me know.
Thanks!
Emmanuel
|
by: Sonnysonu |
last post by:
This is the data of csv file
1 2 3
1 2 3
1 2 3
1 2 3
2 3
2 3
3
the lengths should be different i have to store the data by column-wise with in the specific length.
suppose the i have to...
|
by: Hystou |
last post by:
There are some requirements for setting up RAID:
1. The motherboard and BIOS support RAID configuration.
2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
| |
