Looking for a cross-browser way to log a user off a webpage which uses windows authentication.
A:
Closing the browser is the only cross browser way I've found to do that. This is one of the reasons that we had to switch to using Forms authentication.
David
2009-08-17 19:47:01
You must mean close all browser instances
Oded
2009-12-03 22:01:16
Actually he would mean all browser windows in the same process - what this actually means is dependant on which browser it is.
AviD
2009-12-08 00:37:37
activex != cross browser. Also, can that be any older? IE 4.1? No rep for u.
Will
2009-12-08 14:45:59
+2
A:
There is not an ultimate solution. This is a known limitation of all types of www authentications.
You can send a fake unauthorized answer to request password again. This approach may help you to simulate logoff.
Response.Status = "401 Unauthorized"
Response.AddHeader "WWW-Authenticate", "Negotiate"
Response.AddHeader "WWW-Authenticate", "NTLM"
dereli
2009-12-08 15:54:16
A:
What is the point of logging the user out? Do you want them to have to close the browser and go to the site again and be automatically logged in?
If it is just a purely visual fake out, then I would use a cookie to indicate if the user needs to be shown the login screen or not. It would have nothing to do with Authentication or Authorization, just purely an indicator of if they are "logged in".
What happens when they are logged off and go to the login screen? Do you want them to actually have to enter their credentials at that point? What is the "Log in after Log out" user story?
Bryan Batchelder
2009-12-09 16:28:03
The point is handling situations where users must log on to a website to use it, they aren't allowed to share sessions (user Hurr can't log on twice at the same time), and users constantly close the browser without logging off, meaning they must wait until their session times out before they can log back in again.
Will
2009-12-09 19:08:21