Computer Hope
Other => Other => Topic started by: Zylstra on June 20, 2006, 07:05:52 PM
-
(this topic moved from WebDesign to Other)
I need a logout page for my site. I am not sure of how to do this.
I would assume that you would use some sort of script. I did search Google, but found nothing.
Is there something I can do?
(I am not sure what other info I need to include. I will include more if necessary)
(if you wanted to know, I need a logout script for password protected directories. Like the link I am about to add below as a test subject. )
Just to show you what I mean, go to the link, and use username "guest" password "password" (don't worry, this is only for one folder on my site. You cant get to anything else)
www.jessez.mbhosting.com/temppass/loggedin.htm
I might as well ask this too:
Is that page really, secure? Could someone get into it if they wanted to without a password/username?
(I did try the following:
<?
session_start();
session_destroy();
?>
it didnt work, unless I did something wrong.)
-
Are you sure this doesn't belong in Web Design?
-
I did put it there. It was there. It got 8 views in about 5 hours.
(and 4 of those views were mine)
Feel free to move it GX1_MAN, I really don't mind.
(or I could move it. Whichever)
-
We'll leave it here and see what happens. I don't think it will be much of a "hot topic", but you never know. ;)
-
That script you have won't do much good. I'm pretty sure this is more what you're looing for... http://www.zymic.com/show_downloads_sub.php?id=9 ... You want to dowload that login script. See if that helps ;)
Flame
-
That script you have won't do much good. I'm pretty sure this is more what you're looing for... http://www.zymic.com/show_downloads_sub.php?id=9 ... You want to dowload that login script. See if that helps ;)
Flame
Well, it makes a logon. I still need a logoff.
I think I will try my script again, but do something different.
(Making the HTML process the PHP file. Could work, but its the same thing I did before)
What does PHP stand for anyways?
Update: PHP processing with that sissy script I had didnt work. I just got a bunch of errors. (see the logout page in the link that I posted earlier)
-
Someone should probably explain to me what a logout script does.
(Does it delete cookies? Does the cookie file need to be specified in the logout script? And whatever else there is to know, etc..)
I am going to do another google search using more web search formatting.
BTW: this is an .htaccess logon. If that helps.
-
It is not particularly easy to force a logoff from an HTTP authenticated session but >this page< (http://www.berenddeboer.net/rest/authentication.html) provides some useful pointers. Personally, I create my own PHP-driven authentication using a mixture of cookies, session cookies and IP-locking. I prefer this method because I can have much more control over it and can take considerable steps to protect login credentials and circumvent session-stealing.
This is a fairly big topic really, but it has been discussed a few times before in the web design section - have a trawl. The main reason for logging off I guess would be to ensure that a different user coming to the same PC cannot access private information or take unauthorised steps.
In my version of authentication, this involves something at server and client ends of the connection. At the server end, I use a database to track current sessions (and do the IP-locking I mentioned). At the client end, deletion of HTTP cookies and session cookies ensures that the session is fully terminated.
-
Confusing...
I will take a look and see if I can get that figured out.
Thanks
-
Apache gave me the answer:
"You cant"
Oh well, looks like all my users are logged in FOREVER.
Are there any easy alternatives, like how this site makes a login?
(or is it more complicated than I want?)
A PHP program type manager would be wonderful, oh well.
(from the website that Rob gave me, I could, but it seems WAY to complicated for someone like me)
-
Just google "php login script". You'll find loads. But unless you fully understand the security implications, don't give people the impression that the login is secure. :)