Download your favorite Linux distribution at LQ ISO.
Go Back > Forums > Linux Forums > Linux - Security
User Name
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.


  Search this Thread
Old 08-14-2007, 12:11 PM   #1
Registered: Oct 2006
Distribution: CentOS | Fedora | Mint | Ubuntu
Posts: 43

Rep: Reputation: 15
LogOff from Secure Web Interface

Hi all !
Am looking for a way to secure my critical web interfaces where the primary access is login password implemented by htaccess.
The login goes smoothly but when the web browser is closed when a user is still logged in,the login prompt is not displayed during the next login - the user is logged in directly.
I wanted a way on how I would control the interface by having web session timeout after periods of inactivity then there must be an absolute login prompt whenever a user tries to access the secured pages at any given time.
How do I do this?Do I need to use logout redirections and if so,how best?
Also note that am only using htaccess for security and the pages are being accessed thro' port 80 and not thought of putting them on https though am not sure this would sort anything.
Am running on Fedora Core 5 with apache as the webserver.
Please advice me on the best way forwad.

Last edited by dablew; 08-14-2007 at 12:13 PM.
Old 08-14-2007, 02:35 PM   #2
Registered: Aug 2007
Distribution: RHEL, Fedora, Ubuntu
Posts: 64

Rep: Reputation: 16
Per the Apache docs on Basic Authentication:

How do I log out?

Since browsers first started implementing basic authentication, website administrators have wanted to know how to let the user log out. Since the browser caches the username and password with the authentication realm, as described earlier in this tutorial, this is not a function of the server configuration, but is a question of getting the browser to forget the credential information, so that the next time the resource is requested, the username and password must be supplied again. There are numerous situations in which this is desirable, such as when using a browser in a public location, and not wishing to leave the browser logged in, so that the next person can get into your bank account.

However, although this is perhaps the most frequently asked question about basic authentication, thus far none of the major browser manufacturers have seen this as being a desirable feature to put into their products.

Consequently, the answer to this question is, you can't. Sorry.
Essentially, its up to the browser. If the browser is fully quit, that usually requires the person to re-authenticate, as the browser session has expired. However, if they have other browser windows/tabs open and merely close your site and then re-open it, the browser will probably maintain the login info and re-authenticate for the user. This is also true for say Mac OS X, where all browser windows are closed, but the browser application is technically still running.

Your best bet is to build a login system to your application and use session management in your code and not rely on Apache's Basic Authentication system. As you can see from the quote above, the functionality you're looking for isn't really built into it.
Old 08-17-2007, 01:20 AM   #3
Registered: Oct 2006
Distribution: CentOS | Fedora | Mint | Ubuntu
Posts: 43

Original Poster
Rep: Reputation: 15
Thanks thebouv for your very informative info.

Av been looking around for ways to integrate login scripts to my site bt not very helpful coz I still need to have a logout link when am logged in the site.

Am not very good at scripting and any links on howtos willl really be valied.

Pls assist.



Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
how to secure my web server lqchangba Linux - Security 1 04-22-2007 10:34 AM
Secure Web Hosting Tux-O-Matic Linux - General 11 11-08-2006 11:05 PM
How to secure the management interface imanassypov *BSD 1 02-27-2006 02:15 PM
Secure a web page sujte Linux - Security 2 06-15-2004 04:25 AM
Secure web server sanjibgupta Linux - Newbie 1 08-27-2003 07:05 AM > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 08:06 AM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration