http基本认证“注销" [英] http basic authentication "log out"

问题描述

HTTP 基本身份验证凭据会一直存储到浏览器关闭为止，但是有没有办法在浏览器关闭之前删除凭据?

HTTP basic authentication credentials are stored until the browser is closed, but is there a way to remove the credentials before the browser is closed?

我读到了一个 使用 HTTP 401 状态代码的技巧，但它似乎工作不正常(见评论回答).也许 trac 使用的机制是解决方案.

I read about a trick with HTTP 401 status code, but it seems to work not properly (see comment to answer). Maybe the mechanism trac uses is the solution.

可以使用 JavaScript 删除凭据吗?或者结合使用 JavaScript 和状态 401 技巧?

Can the credentials be deleted with JavaScript? Or with a combination of JavaScript and the status 401 trick?

推荐答案

更新:此解决方案在许多浏览器中似乎不再适用.Kaitsu 的评论:

Update: This solution does not seem to work anymore in many browsers. Kaitsu's comment:

这种发送虚假凭据以使浏览器忘记正确的经过身份验证的凭据的解决方案在 Chrome (16) 和 IE (9) 中不起作用.适用于 Firefox (9).

This solution of sending false credentials to make browser forget the correct authenticated credentials doesn't work in Chrome (16) and IE (9). Works in Firefox (9).

<小时>

实际上，您可以通过向服务发送虚假凭据来实施解决方法.这在浏览器中通过发送另一个(不存在?)没有密码的用户名来工作.浏览器会丢失有关经过身份验证的凭据的信息.

---

Actually you can implement a workaround by sending false credentials to the service. This works in Browsers by sending another (non-existent?) Username without a password. The Browser loses the information about the authenticated credentials.

示例:

https://www.example.com/ => 登录基本身份验证为user1"

https://www.example.com/ => Log in with basic auth as "user1"

现在打开

https://foobar@www.example.com/

您已注销.;)

问候

P.s.:但是在依赖给定的信息之前，请使用所有需要的浏览器进行测试.

P.s.: But please test this with all needed Browsers before you rely on the given information.

这篇关于http基本认证“注销"的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！