document.execCommand("ClearAuthenticationCache")

Discuss how to use and promote Web standards with the Mozilla Gecko engine.
jodm
Posts: 3
Joined: January 11th, 2006, 8:46 am
Location: London , UK
Contact:

document.execCommand("ClearAuthenticationCache")

Post by jodm »

I'am looking for the Firefox equivalent of this. I am trying to clear the HTTP authentication cache from the browers after using it for a PHP login.

I.E 5.5+ uses - document.execCommand("ClearAuthenticationCache")

But this does not seems to work with Firefox - Although php.net i got it from said it works with Firefox 1 and greater.

Other forums say that the only way to clear this is to use "java" , I have found you can use an extension call "Web developer toolbar" but i would like to make it so the user can logout themselfs by NOT closing the browser and being able to click a "log out" button on my site !

If anyone has any tips on this they would be greatly appriciated as i am loosing my hair more and more by the minute with this problem ! :o)

Thanks

James
James Mitchell

-------------------------------------------------
kashoo.co.uk - online shopping w/ rewards
-------------------------------------------------
User avatar
jqp
Posts: 5070
Joined: November 17th, 2004, 10:56 am
Location: In a box
Contact:

Post by jqp »

i would like to make it so the user can logout themselfs by NOT closing the browser and being able to click a "log out" button on my site !


I assume you're using a session. There's an example here on how to kill the session.
jodm
Posts: 3
Joined: January 11th, 2006, 8:46 am
Location: London , UK
Contact:

Post by jodm »

No, i am using the HTTP authentication in PHP - header("www-authenticate...)

The user name and password is stored in the browser cache. document.execCommand("ClearAuthenticationCache") clears it in IE but does not in Firefox...

Have a look... use IE and Firefox : www.kashoo.co.uk/ntlogin.php (there is no username and password use anything to login for the time being)

Thanks

James
James Mitchell

-------------------------------------------------
kashoo.co.uk - online shopping w/ rewards
-------------------------------------------------
Ilanio
Posts: 7
Joined: January 25th, 2006, 7:23 pm

Same problem

Post by Ilanio »

I´m having the same problem:

I´m using http-authentication.

The first time the user access my page he is asked for username and password through browser authentication box.

After user leaves the site using a logoff page, if he/she doesn't close the browser window and return to site again, no authentication box is displayed, because the username and password are stored on browser cache.

Working with Internet Explorer, if I use the javascript code document.execCommand("ClearAuthenticationCache") on logoff page (like <body onLoad="document.execCommand('ClearAuthenticationCache')">), when the user comes back to site, a new authentication box is displayed, because authentication information was cleared from cache.

I was looking for a way to make the same thing on Firefox. There´s a way to do this? If not can you add this feature (Clear HTTP Authentication Information using JavaScript) in new versions of Firefox?
Will Rickards WT
Posts: 288
Joined: October 9th, 2003, 1:21 pm

Post by Will Rickards WT »

Ilanio
Posts: 7
Joined: January 25th, 2006, 7:23 pm

Post by Ilanio »

These topics only solve the problem by adding a UI menu item that clears the authentication cache when the user clicks it.

But, I need a way to perform this task (clear authentication cache) programatically, using javascript or something like it to clear authentication cache without user intervention.

How can I do this?

PS: Take a look at <a href="http://gemal.dk/browserspy/password-works.html" target=_blank>http://gemal.dk/browserspy/password-works.html</a>. User: test Password: test

See the link "flush all credentials" on the page. Use IE to see what I need to do with FF too.
Will Rickards WT
Posts: 288
Joined: October 9th, 2003, 1:21 pm

Post by Will Rickards WT »

If you read the bugs I listed you'll see that you can't.
That is why there are bugs for it.
But the developers don't think it should be available in script only to the user.
Kind of like bookmark this page or other things that scripts shouldn't do.

As I see it, if you want to pursue it,
You'll probably need to get a verdict from the javascript module owner, Is this Brendan Eich?
You'll need to submit your own patch to expose it to javascript before anybody will consider including it though.
JaredM
Posts: 3826
Joined: November 14th, 2004, 4:41 am
Location: Alberta, Canada
Contact:

Post by JaredM »

Ilanio, I've done some searching and it doesn't appear you can code a website to do this, you may want to consider filing an enhancement request in bugzilla for this.

The web developer extension does allow you to clear the http auth session but again this is not really what you are looking for.
I'm moving to Theory, everything works there.
Most issues are solved by going through the Standard Diagnostic
JaredM
Posts: 3826
Joined: November 14th, 2004, 4:41 am
Location: Alberta, Canada
Contact:

Post by JaredM »

Ilanio, I've done some searching and it doesn't appear you can code a website to do this, you may want to consider filing an enhancement request in bugzilla for this.

The web developer extension does allow you to clear the http auth session but again this is not really what you are looking for.
I'm moving to Theory, everything works there.
Most issues are solved by going through the Standard Diagnostic
Racer
Posts: 6108
Joined: November 18th, 2002, 11:07 am

Post by Racer »

I'm not too familiar with HTTP authentication, but here's my idea:
Assume you have just logged in via http authentication using Firefox. When you want to log out, instead of trying to clear the cache, use an XMLHttpRequest to send an invalid authentication username & password. This invalid username & password would be "accepted" by the server, hopefully causing Firefox to update the http authentication cache with the invalid information. After that, any attempt to auto-authenticate will use the invalid username & password, which on subsequent attempts to log in would be rejected by the server, therefore making the password prompt come up again, allowing the user to enter the correct password.

Of course, this assumes that Firefox caches http authentication done through XMLHttpRequest, which may not be the case. If not, then perhaps someone else can come up with a different way to make the authentication information change without user intervention.

Not a perfect solution, but the best I could think of.
awklee
Posts: 3
Joined: March 24th, 2006, 7:49 pm

Re: Same problem

Post by awklee »

Ilanio wrote:I´m having the same problem:

I´m using http-authentication.

The first time the user access my page he is asked for username and password through browser authentication box.

After user leaves the site using a logoff page, if he/she doesn't close the browser window and return to site again, no authentication box is displayed, because the username and password are stored on browser cache.

Working with Internet Explorer, if I use the javascript code document.execCommand("ClearAuthenticationCache") on logoff page (like <body onLoad="document.execCommand('ClearAuthenticationCache')">), when the user comes back to site, a new authentication box is displayed, because authentication information was cleared from cache.

I was looking for a way to make the same thing on Firefox. There´s a way to do this? If not can you add this feature (Clear HTTP Authentication Information using JavaScript) in new versions of Firefox?
awklee
Posts: 3
Joined: March 24th, 2006, 7:49 pm

Post by awklee »

Dear all,

I found that javascript code document.execCommand("ClearAuthenticationCache") could clear the http authentication information from cache in Internet Explorer with version 6.x., however, I it seemed that it did not work in I.E. version 5.x. Is there any method to do the same clearence in I.E. version 5.x ?
Looking forwards to receiving your advice. Thanks.
User avatar
jscher2000
Posts: 11742
Joined: December 19th, 2004, 12:26 am
Location: Silicon Valley, CA USA
Contact:

Post by jscher2000 »

awklee wrote:I found that javascript code document.execCommand("ClearAuthenticationCache") could clear the http authentication information from cache in Internet Explorer with version 6.x., however, I it seemed that it did not work in I.E. version 5.x.

Correct, that only became available starting with IE 6. (See: ClearAuthenticationCache Command (Internet Explorer - DHTML) at Microsoft.com)

awklee wrote:Is there any method to do the same clearence in I.E. version 5.x ?
Looking forwards to receiving your advice. Thanks.

How about just timing out the session? You could use a cookie or something server side.
awklee
Posts: 3
Joined: March 24th, 2006, 7:49 pm

Post by awklee »

Thank you, jscher2000.

The problem I encountered was quite similar to that posed by Ilanio on 25 Jan 2006.

The first time user access my page he was asked for username and password through I.E browser authentication box.

If user left the site by surfing other web site without closing the browser window and returned back to site again, no authentication box is displayed, because the username and password were stored on browser cache.

I was afraid that server side could not handle this situation even a new session was provided since the username and password was cached in the client side browser.

For the above reason, I'm looking for a solution to clear the authentication cache in I.E. 5.x with minimal user intervention.

Any more idea ?
Racer
Posts: 6108
Joined: November 18th, 2002, 11:07 am

Post by Racer »

Given that this is a Mozilla/Firefox support forum, and not an IE support forum, I doubt you'll see very many IE-specific solutions. I suggest you try an IE web development forum.
Locked