BasicLogout

<< | Cookbook-V1 | >>

Note: The recipes here are for PmWiki versions 0.6 and 1.0 only. For PmWiki 2.0 recipes, see Cookbook.


Goal

Logout from basic authentication (htaccess) realm without closing the browser.

Solution

Add the following lines to local.php:

    SDV($HandleActions['logout'],'HandleLogout');
    function HandleLogout($pagename) {
        global $AuthRealmFmt,$AuthDeniedFmt;
        $realm=FmtPageName($AuthRealmFmt,$pagename);
        header("WWW-Authenticate: Basic realm=\"$realm\"");
        header("Status: 403 Forbidden");
        header("HTTP-Status: 403 Forbidden");
        PrintFmt($pagename, '<html><head><meta http-equiv="pragma" content="no-cache">
	                     <meta http-equiv="expires" content="0"></head><body>
			     Please reload this page for logout and clear the browser cache.
			     </body></html>');
        exit;
    } 

Add the option "?action=logout" to wiki pages links.

Discussion

In some internet cafes it isn't possible to close the browser window or access internet options for clearing the password cache of the browser.

With this function it is possible to send an authentication error to the browser, which in most cases causes it (at least Internet Explorer and Mozilla) to remove the password for the current realm from cache.

As a matter of fact, the user has to logout for each realm (i.e. group) he has logged in within the session.

Note

User authorization provides a logout function (see UserAuth). Don't try to implement both UserAuth and BasicLogout.

Contributors

  • Reinhard Hofmann

pmwiki-2.3.32 -- Last modified by {{Constantin Basturea}}

from IP: 85.171.160.186 ip should be disabled by default for security reasons