document.execCommand("ClearAuthenticationCache")
-
- Posts: 3
- Joined: January 11th, 2006, 8:46 am
- Location: London , UK
- Contact:
document.execCommand("ClearAuthenticationCache")
I'am looking for the Firefox equivalent of this. I am trying to clear the HTTP authentication cache from the browers after using it for a PHP login.
I.E 5.5+ uses - document.execCommand("ClearAuthenticationCache")
But this does not seems to work with Firefox - Although php.net i got it from said it works with Firefox 1 and greater.
Other forums say that the only way to clear this is to use "java" , I have found you can use an extension call "Web developer toolbar" but i would like to make it so the user can logout themselfs by NOT closing the browser and being able to click a "log out" button on my site !
If anyone has any tips on this they would be greatly appriciated as i am loosing my hair more and more by the minute with this problem ! :o)
Thanks
James
I.E 5.5+ uses - document.execCommand("ClearAuthenticationCache")
But this does not seems to work with Firefox - Although php.net i got it from said it works with Firefox 1 and greater.
Other forums say that the only way to clear this is to use "java" , I have found you can use an extension call "Web developer toolbar" but i would like to make it so the user can logout themselfs by NOT closing the browser and being able to click a "log out" button on my site !
If anyone has any tips on this they would be greatly appriciated as i am loosing my hair more and more by the minute with this problem ! :o)
Thanks
James
James Mitchell
-------------------------------------------------
kashoo.co.uk - online shopping w/ rewards
-------------------------------------------------
-------------------------------------------------
kashoo.co.uk - online shopping w/ rewards
-------------------------------------------------
- jqp
- Posts: 5070
- Joined: November 17th, 2004, 10:56 am
- Location: In a box
- Contact:
i would like to make it so the user can logout themselfs by NOT closing the browser and being able to click a "log out" button on my site !
I assume you're using a session. There's an example here on how to kill the session.
-
- Posts: 3
- Joined: January 11th, 2006, 8:46 am
- Location: London , UK
- Contact:
No, i am using the HTTP authentication in PHP - header("www-authenticate...)
The user name and password is stored in the browser cache. document.execCommand("ClearAuthenticationCache") clears it in IE but does not in Firefox...
Have a look... use IE and Firefox : www.kashoo.co.uk/ntlogin.php (there is no username and password use anything to login for the time being)
Thanks
James
The user name and password is stored in the browser cache. document.execCommand("ClearAuthenticationCache") clears it in IE but does not in Firefox...
Have a look... use IE and Firefox : www.kashoo.co.uk/ntlogin.php (there is no username and password use anything to login for the time being)
Thanks
James
James Mitchell
-------------------------------------------------
kashoo.co.uk - online shopping w/ rewards
-------------------------------------------------
-------------------------------------------------
kashoo.co.uk - online shopping w/ rewards
-------------------------------------------------
-
- Posts: 7
- Joined: January 25th, 2006, 7:23 pm
Same problem
I´m having the same problem:
I´m using http-authentication.
The first time the user access my page he is asked for username and password through browser authentication box.
After user leaves the site using a logoff page, if he/she doesn't close the browser window and return to site again, no authentication box is displayed, because the username and password are stored on browser cache.
Working with Internet Explorer, if I use the javascript code document.execCommand("ClearAuthenticationCache") on logoff page (like <body onLoad="document.execCommand('ClearAuthenticationCache')">), when the user comes back to site, a new authentication box is displayed, because authentication information was cleared from cache.
I was looking for a way to make the same thing on Firefox. There´s a way to do this? If not can you add this feature (Clear HTTP Authentication Information using JavaScript) in new versions of Firefox?
I´m using http-authentication.
The first time the user access my page he is asked for username and password through browser authentication box.
After user leaves the site using a logoff page, if he/she doesn't close the browser window and return to site again, no authentication box is displayed, because the username and password are stored on browser cache.
Working with Internet Explorer, if I use the javascript code document.execCommand("ClearAuthenticationCache") on logoff page (like <body onLoad="document.execCommand('ClearAuthenticationCache')">), when the user comes back to site, a new authentication box is displayed, because authentication information was cleared from cache.
I was looking for a way to make the same thing on Firefox. There´s a way to do this? If not can you add this feature (Clear HTTP Authentication Information using JavaScript) in new versions of Firefox?
-
- Posts: 288
- Joined: October 9th, 2003, 1:21 pm
-
- Posts: 7
- Joined: January 25th, 2006, 7:23 pm
These topics only solve the problem by adding a UI menu item that clears the authentication cache when the user clicks it.
But, I need a way to perform this task (clear authentication cache) programatically, using javascript or something like it to clear authentication cache without user intervention.
How can I do this?
PS: Take a look at <a href="http://gemal.dk/browserspy/password-works.html" target=_blank>http://gemal.dk/browserspy/password-works.html</a>. User: test Password: test
See the link "flush all credentials" on the page. Use IE to see what I need to do with FF too.
But, I need a way to perform this task (clear authentication cache) programatically, using javascript or something like it to clear authentication cache without user intervention.
How can I do this?
PS: Take a look at <a href="http://gemal.dk/browserspy/password-works.html" target=_blank>http://gemal.dk/browserspy/password-works.html</a>. User: test Password: test
See the link "flush all credentials" on the page. Use IE to see what I need to do with FF too.
-
- Posts: 288
- Joined: October 9th, 2003, 1:21 pm
If you read the bugs I listed you'll see that you can't.
That is why there are bugs for it.
But the developers don't think it should be available in script only to the user.
Kind of like bookmark this page or other things that scripts shouldn't do.
As I see it, if you want to pursue it,
You'll probably need to get a verdict from the javascript module owner, Is this Brendan Eich?
You'll need to submit your own patch to expose it to javascript before anybody will consider including it though.
That is why there are bugs for it.
But the developers don't think it should be available in script only to the user.
Kind of like bookmark this page or other things that scripts shouldn't do.
As I see it, if you want to pursue it,
You'll probably need to get a verdict from the javascript module owner, Is this Brendan Eich?
You'll need to submit your own patch to expose it to javascript before anybody will consider including it though.
-
- Posts: 3826
- Joined: November 14th, 2004, 4:41 am
- Location: Alberta, Canada
- Contact:
Ilanio, I've done some searching and it doesn't appear you can code a website to do this, you may want to consider filing an enhancement request in bugzilla for this.
The web developer extension does allow you to clear the http auth session but again this is not really what you are looking for.
The web developer extension does allow you to clear the http auth session but again this is not really what you are looking for.
I'm moving to Theory, everything works there.
Most issues are solved by going through the Standard Diagnostic
Most issues are solved by going through the Standard Diagnostic
-
- Posts: 3826
- Joined: November 14th, 2004, 4:41 am
- Location: Alberta, Canada
- Contact:
Ilanio, I've done some searching and it doesn't appear you can code a website to do this, you may want to consider filing an enhancement request in bugzilla for this.
The web developer extension does allow you to clear the http auth session but again this is not really what you are looking for.
The web developer extension does allow you to clear the http auth session but again this is not really what you are looking for.
I'm moving to Theory, everything works there.
Most issues are solved by going through the Standard Diagnostic
Most issues are solved by going through the Standard Diagnostic
-
- Posts: 6108
- Joined: November 18th, 2002, 11:07 am
I'm not too familiar with HTTP authentication, but here's my idea:
Assume you have just logged in via http authentication using Firefox. When you want to log out, instead of trying to clear the cache, use an XMLHttpRequest to send an invalid authentication username & password. This invalid username & password would be "accepted" by the server, hopefully causing Firefox to update the http authentication cache with the invalid information. After that, any attempt to auto-authenticate will use the invalid username & password, which on subsequent attempts to log in would be rejected by the server, therefore making the password prompt come up again, allowing the user to enter the correct password.
Of course, this assumes that Firefox caches http authentication done through XMLHttpRequest, which may not be the case. If not, then perhaps someone else can come up with a different way to make the authentication information change without user intervention.
Not a perfect solution, but the best I could think of.
Assume you have just logged in via http authentication using Firefox. When you want to log out, instead of trying to clear the cache, use an XMLHttpRequest to send an invalid authentication username & password. This invalid username & password would be "accepted" by the server, hopefully causing Firefox to update the http authentication cache with the invalid information. After that, any attempt to auto-authenticate will use the invalid username & password, which on subsequent attempts to log in would be rejected by the server, therefore making the password prompt come up again, allowing the user to enter the correct password.
Of course, this assumes that Firefox caches http authentication done through XMLHttpRequest, which may not be the case. If not, then perhaps someone else can come up with a different way to make the authentication information change without user intervention.
Not a perfect solution, but the best I could think of.
-
- Posts: 3
- Joined: March 24th, 2006, 7:49 pm
Re: Same problem
Ilanio wrote:I´m having the same problem:
I´m using http-authentication.
The first time the user access my page he is asked for username and password through browser authentication box.
After user leaves the site using a logoff page, if he/she doesn't close the browser window and return to site again, no authentication box is displayed, because the username and password are stored on browser cache.
Working with Internet Explorer, if I use the javascript code document.execCommand("ClearAuthenticationCache") on logoff page (like <body onLoad="document.execCommand('ClearAuthenticationCache')">), when the user comes back to site, a new authentication box is displayed, because authentication information was cleared from cache.
I was looking for a way to make the same thing on Firefox. There´s a way to do this? If not can you add this feature (Clear HTTP Authentication Information using JavaScript) in new versions of Firefox?
-
- Posts: 3
- Joined: March 24th, 2006, 7:49 pm
Dear all,
I found that javascript code document.execCommand("ClearAuthenticationCache") could clear the http authentication information from cache in Internet Explorer with version 6.x., however, I it seemed that it did not work in I.E. version 5.x. Is there any method to do the same clearence in I.E. version 5.x ?
Looking forwards to receiving your advice. Thanks.
I found that javascript code document.execCommand("ClearAuthenticationCache") could clear the http authentication information from cache in Internet Explorer with version 6.x., however, I it seemed that it did not work in I.E. version 5.x. Is there any method to do the same clearence in I.E. version 5.x ?
Looking forwards to receiving your advice. Thanks.
- jscher2000
- Posts: 11762
- Joined: December 19th, 2004, 12:26 am
- Location: Silicon Valley, CA USA
- Contact:
awklee wrote:I found that javascript code document.execCommand("ClearAuthenticationCache") could clear the http authentication information from cache in Internet Explorer with version 6.x., however, I it seemed that it did not work in I.E. version 5.x.
Correct, that only became available starting with IE 6. (See: ClearAuthenticationCache Command (Internet Explorer - DHTML) at Microsoft.com)
awklee wrote:Is there any method to do the same clearence in I.E. version 5.x ?
Looking forwards to receiving your advice. Thanks.
How about just timing out the session? You could use a cookie or something server side.
-
- Posts: 3
- Joined: March 24th, 2006, 7:49 pm
Thank you, jscher2000.
The problem I encountered was quite similar to that posed by Ilanio on 25 Jan 2006.
The first time user access my page he was asked for username and password through I.E browser authentication box.
If user left the site by surfing other web site without closing the browser window and returned back to site again, no authentication box is displayed, because the username and password were stored on browser cache.
I was afraid that server side could not handle this situation even a new session was provided since the username and password was cached in the client side browser.
For the above reason, I'm looking for a solution to clear the authentication cache in I.E. 5.x with minimal user intervention.
Any more idea ?
The problem I encountered was quite similar to that posed by Ilanio on 25 Jan 2006.
The first time user access my page he was asked for username and password through I.E browser authentication box.
If user left the site by surfing other web site without closing the browser window and returned back to site again, no authentication box is displayed, because the username and password were stored on browser cache.
I was afraid that server side could not handle this situation even a new session was provided since the username and password was cached in the client side browser.
For the above reason, I'm looking for a solution to clear the authentication cache in I.E. 5.x with minimal user intervention.
Any more idea ?