Jump to content

Protected Directories


wkg
 Share

Recommended Posts

I've used cPanel to create a password protected directory for some user admin php scripts. That works fine.

 

Is there a way to "log out" the user after they finish? This is important if the user is at a public computer, like at the library.

 

It seems so inelegant to tell the user to "close the browser." Would be nice to have a link or button marked Log Out which would remove the permissions for access to that directory until the user logged in again with their username and password. I think that would be easier for them to remember, too.

 

TIA

Link to comment
Share on other sites

It's a browser thing. I don't know if you can force the browser to clear the cached information.

 

That's why most bank sites tell you to close the browser to fully log out.

 

Oh, and if you are using a public computer get a flash drive and load portable firefox on it. Use that to access your sites and it will leave no trace on the computer you are using.

Link to comment
Share on other sites

Oh, and if you are using a public computer get a flash drive and load portable firefox on it. Use that to access your sites and it will leave no trace on the computer you are using.

Unless they're running a keyboard logger. :shocking: If it's something like a bank account that should remain your-eyes-only then don't you dare use a computer you aren't sure about.

 

As Bruce said, it's usually the browser that caches the password entry. You can delete a cookie or something like that, but I don't think there's any foolproof way to totally log someone out. At this moment I'm using Opera and their wand will override simple password boxes. The only thing I could think of is if the site does a challenge-response type thing. For example - every time they want to access something have the site say "Enter XXYZ" and change it every time. It's a pain, but unless you change the passcode at the server side the browsers can cache it.

Link to comment
Share on other sites

Unless they're running a keyboard logger. If it's something like a bank account that should remain your-eyes-only then don't you dare use a computer you aren't sure about.

 

As Bruce said, it's usually the browser that caches the password entry. You can delete a cookie or something like that, but I don't think there's any foolproof way to totally log someone out.

In this case, it is not financial or high-risk, so I'm not going to sweat it.

 

I suppose one could write their own password security using php sessions, then close the session. But that's way more than I need at this point.

 

Thanks for your input, all.

Link to comment
Share on other sites

To be honest, I would never login to my bank from Work as work as a policy about recording everything you do

I always log into my bank from work... but then I work out of my spare bedroom :clapping: The boss can be a bit much some days, but then he lets me watch afternoon baseball if I've been good and done my chores.

Link to comment
Share on other sites

  • 2 weeks later...
I've used cPanel to create a password protected directory for some user admin php scripts. That works fine.

 

Is there a way to "log out" the user after they finish? This is important if the user is at a public computer, like at the library.

 

It seems so inelegant to tell the user to "close the browser." Would be nice to have a link or button marked Log Out which would remove the permissions for access to that directory until the user logged in again with their username and password. I think that would be easier for them to remember, too.

 

TIA

 

This uses a form of authentication known as HTTP-AUTH, of which there are two forms: Basic and Digest. Basic is the most common and the simplest to implement, which is what the Protected Directory functionality of cPanel uses.

 

PHP can handle HTTP-AUTH Sessions, but to my knowledge only one browser supports a Log Out method with HTTP-AUTH, that being FireFox. All other browsers retain the information until the browser is closed.

 

If you really want a log out button, you need to use PHP's Session handling support, but in some ways it's not as secure as HTTP-AUTH.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...