Thanks for explaining the login process. It looks like you make use of Basic Auth for the login. I think you should be able to destroy the saved state if you login using another username and password.
Could you try doing this ?
Open this URL, http://username:password@yoursite.com in netsurf.
Could you try a couple of cases ?
One, a username password which is valid but different from the saved one.
A different (invalid) username password combo.
I am hoping the invalid combo forces the login window next time (or locks you out).
On May 12, 2016 10:31 PM, "Jim Nagel" <netsurf@abbeypress.co.uk> wrote:
>
> Ashish Gupta wrote on 12 May:
> > It would help if you could elaborate on this login process that your
> > site relies on.
>
> It's a pretty simple PHP script that asks for a username and password.
> The user submits* these, the PHP checks against its list of authorized
> users, if there's a match you're in.
>
> The username and password are input via a standard dialogue box, which
> I guess is provided by the OS or by the browser -- the RiscOS box is
> most familiar to me.
> I also tested with Firefox on Windows and saw an equivalent box
> there, followed by a popup box that asked if I want Firefox to
> remember the details for next time; I said no. RiscOS had no such
> popup.
> Also tested with the default browser on my Android phone: again an
> equivalent login box. Tried that one again just now (two or three
> hours after first access): I'm straight in without being asked for
> username and password.
>
>
> > I am also curious to know how a session is maintained as you mentioned
> > that cookies are not used.
>
> Exactly what I too am curious about.
> When I asked my PHP guru about this, he said HTML is "stateless" --
> meaning, I think, that HTML itself does not register the state of
> logged-in-ness.
>
> --
> Jim Nagel www.archivemag.co.uk
No comments:
Post a Comment