如何告诉浏览器忘记htdigest？ [英] How to tell the browser to forget htdigest?

问题描述

我用Htdigest身份验证的lighttpd。当该网站用户首次登录，一个标准的用户名/密码对话框是presented。如果输入正确的用户名和密码，用户可以登录，否则的lighttpd显示一个身份验证失败的页面。

I use Htdigest authentication with lighttpd. When the user first logs in to the website, a standard username/password dialogue box is presented. If correct username and password is entered, user can login, otherwise lighttpd shows an Authentication failure page.

到目前为止好！

问题是，当用户想注销，浏览器不会忘记用户名和密码。换句话说，只要浏览器是打开的，用户可返回同一部位没有被要求进行验证。一种解决方案可以使得它忘记了身份验证，关闭浏览器，但我不希望强迫用户关闭他们想要注销自己的浏览器每次。

The problem is when the user wants to logout, the browser doesn't forget the username and password. In other words as long as the browser is open, user can return to the same site without being asked to authenticate. One solution can be to close the browser so that it forgets the authentications But I don't want to force the user to close their browser everytime they want to log out.

有没有使用JavaScript或服务器端code（即PHP，Python或LUA）让浏览器忘记htdigest认证的方式？

Is there a way using JavaScript or server side code (ie. PHP, Python or Lua) to let the browser forget the htdigest authentication?

PS。我们使用的Lua 5.1在服务器端这是不一样强大的PHP，但它在Linux上运行2.6作为FASTCGI在Lighttpd的1.4。

PS. We use Lua 5.1 on the server side which is not as powerful as PHP but it runs as FASTCGI in Lighttpd 1.4 on Linux 2.6.

推荐答案

这是可以做到的，但很棘手。没有默认的方式做到这一点。结论得出从的各种 来源：

It can be done, but is tricky. There is no default way to do this. Conclusion drawn from various sources:

您必须欺骗浏览器忘记用户名/密码组合。这可以通过让登出页面来实现发送401没有获得许可的响应头。不幸的是，每个细节有所不同浏览器

You have to trick the browser in forgetting the user/password combo. This can be achieved by letting the logout page send a 401 Not Authorized response header. Unfortunately the details vary per browser.

这篇关于如何告诉浏览器忘记htdigest？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！