Work log for employer projects.
August 05, 2004
Logout
- My research so far tells me I'm not going to be able to implemnt logout.
- The best method I've found so far is to link to http://fakeuser:fakepass@yourdomain.com/public/logout.htm. Used to be, this would have worked fine. But lately there have been some phishing emails that use this format to fool people about what site they're logging into. So now browsers give the user a warning whenever a link is in that form.
- Also, once it has been to the page with the fake:fake url it then prepends that to every link afterwards. I suppose a redirect might fix that
- Sent an email to CGI-World
- Doing some testing in IE
- IE doesn't even allow that link format, anymore. It says it's invalid. And it doesn't clear the login info.
- I found a few mentions of faking a 401 error to clear the info. I might try to implement one of them
- It looks like those do essentially the same thing, and thus suffer from the same problems
Posted by Mighty at August 5, 2004 12:52 AM