http基本身份验证“注销” [英] http basic authentication "log out"
问题描述
存储HTTP基本身份验证凭据直到浏览器关闭,但有没有办法在浏览器关闭之前删除凭据?
HTTP basic authentication credentials are stored until the browser is closed, but is there a way to remove the credentials before the browser is closed?
我读到了一个<使用HTTP 401状态代码的href =https://stackoverflow.com/questions/449788/http-authentication-logout-via-php/449914#449914>技巧,但似乎工作不正确(见评论回答)。也许机制trac使用的是解决方案。
I read about a trick with HTTP 401 status code, but it seems to work not properly (see comment to answer). Maybe the mechanism trac uses is the solution.
可以使用JavaScript删除凭据吗?或者结合使用JavaScript和状态401技巧?
Can the credentials be deleted with JavaScript? Or with a combination of JavaScript and the status 401 trick?
推荐答案
更新:此解决方案不具备似乎在许多浏览器中都可以工作了。 Kaitsu的评论:
Update: This solution does not seem to work anymore in many browsers. Kaitsu's comment:
这种发送虚假凭证以使浏览器忘记正确的经过身份验证的凭据的解决方案在Chrome(16)和IE中无效(9)。适用于Firefox(9)。
This solution of sending false credentials to make browser forget the correct authenticated credentials doesn't work in Chrome (16) and IE (9). Works in Firefox (9).
实际上你可以通过发送false来实现变通方法服务凭证。这可以在浏览器中通过发送另一个(不存在的?)用户名而无需密码。浏览器丢失了有关经过身份验证的凭据的信息。
Actually you can implement a workaround by sending false credentials to the service. This works in Browsers by sending another (non-existent?) Username without a password. The Browser loses the information about the authenticated credentials.
示例:
< a href =https://www.example.com/ =noreferrer> https://www.example.com/ =>使用基本身份验证登录
为user1
https://www.example.com/ => Log in with basic auth as "user1"
现在打开
https://foobar@www.example.com/
您已被注销。 ;)
问候
Ps:但请用所有需要测试在您依赖给定信息之前浏览器。
P.s.: But please test this with all needed Browsers before you rely on the given information.
这篇关于http基本身份验证“注销”的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
