what is the best way to logout the server?

cancel
Showing results for 
Search instead for 
Did you mean: 

what is the best way to logout the server?

427 Views
r_letourneur
Contributor III

The HTTP Server Authentication code is working fine! So now I would like to know what is the best way to logout the server???

I would like to recall the Authentification windows in the browser if the user try to click on a link after to logout.
Regis.

Labels (1)
Tags (1)
0 Kudos
1 Reply

116 Views
trailman
Contributor V

Hi,

 

In fact, the problem is "how to tell my browser to stop sending the authentification" that is sent in all its HTTP requests.

I've added a "logout" buton on my web page to logout.

Then I've tried, the following logout methods but they don't work (at leat with Firefox) .

- change the realm on server side : the browser was expected to request a new authentification for the new realm but it does not and keeps on sending the same authentification that is accepted by server.

- send status 401 to force the browser to forget the authentification : does not work and reloading a page on the browser still send the authentication

The only reliable solution is to close the browser.

 

But in addition, when I used MQX 3.4, I found a bug in the code (seems to also apply to MQX 3.7) : when an authentication was received it was kept by the server and reused for further requests even if no authentication was present in these requests.

As a result, once authentication was sent at least once, access was possible from any other browser without authentication, and closing a browser to force another authentication did not work.

 

To solve the problem, I had to edit rtcs/source/httpd/httpd.c in the BSP and added the following init to httpd_readreq() :

    /* Clear request fields before filling them to remove data from previous request (mainly auth/authPasswd) */
    session->request.path[0] = 0;
    session->request.urldata = "";
    session->request.auth[0] = 0;
    session->request.authPasswd = session->request.auth;
    session->request.method = HTTPD_REQ_UNKNOWN;
    session->request.content_len = 0;

just before

    // read the request