Thread: htaccess and login
View Single Post
  #8 (permalink)  
Old 08-07-2007, 02:14 AM
e-dvertising's Avatar
e-dvertising e-dvertising is offline
WebProWorld New Member
  
Join Date: Oct 2005
Location: Graz / Austria / EC
Posts: 17
e-dvertising RepRank 0
Lightbulb Re: htaccess and login
As far as I know and understand .htaccess there is no possibility to logout from an htaccess-protected area, you have to close the browsers window (in FF you have to close _all_ windows!) to make the browser "forget" the login-information for that session.

So if you want do have a solution with "logout" you have to go for
- Session-IDs
- Cookies
- Combination SID and Cookie
...


Annotation: don't use a redirect or anything else like http://usernameassword@... in public 'cause that may cause to get the user/pass-combination in some browsers or even servers logs and history (e.g. some toolbars log that even to search engine results) and that might open up parts of protected areas.
__________________
http://e-dvertising.at/ : e-dvertising - Hinterdorfer & Edlinger OG
advertising | werbung - webdesign - fullservice - cms . Graz - Zeltweg / Austria
Last edited by e-dvertising; 08-07-2007 at 02:36 AM.
Reply With Quote