4:45 a.m.
Thanks for explaining the login process. It looks like you make use of
Basic Auth for the login. I think you should be able to destroy the saved
state if you login using another username and password.
Could you try doing this ?
Open this URL, http://username:password@yoursite.com in netsurf.
Could you try a couple of cases ?
One, a username password which is valid but different from the saved one.
A different (invalid) username password combo.
I am hoping the invalid combo forces the login window next time (or locks
you out).
On May 12, 2016 10:31 PM, "Jim Nagel" <netsurf(a)abbeypress.co.uk> wrote:
Ashish Gupta wrote on 12 May:
> It would help if you could elaborate on this login process that your
> site relies on.
It's a pretty simple PHP script that asks for a username and password.
The user submits* these, the PHP checks against its list of authorized
users, if there's a match you're in.
The username and password are input via a standard dialogue box, which
I guess is provided by the OS or by the browser -- the RiscOS box is
most familiar to me.
I also tested with Firefox on Windows and saw an equivalent box
there, followed by a popup box that asked if I want Firefox to
remember the details for next time; I said no. RiscOS had no such
popup.
Also tested with the default browser on my Android phone: again an
equivalent login box. Tried that one again just now (two or three
hours after first access): I'm straight in without being asked for
username and password.
> I am also curious to know how a session is maintained as you mentioned
> that cookies are not used.
Exactly what I too am curious about.
When I asked my PHP guru about this, he said HTML is "stateless" --
meaning, I think, that HTML itself does not register the state of
logged-in-ness.
--
Jim Nagel www.archivemag.co.uk
4:13 p.m.
New subject: how to make Netsurf forget its logged-in state
[Please reply to the list rather than to me privately.]
Ashish Gupta wrote on 13 May:
Thanks for explaining the login process. It looks like you make use
of
Basic Auth for the login.
The PHP includes statements like this:
if (!isset($_SERVER["PHP_AUTH_USER"])
Does that confirm what you say about "Basic Auth"? Is that something
that resides on the server as a resource for customers like me? (As
you can see, my knowledge of PHP is minimal; this routine was written
for me by somebody else.)
I think you should be able to destroy the saved state if you login
using another username and password.
Could you try doing this ?
Open this URL, http://username:password@yoursite.com in netsurf.
Did that, using a different valid username as part of the URL, as you
suggest. Got in without seeing a login box.
Could you try a couple of cases ?
One, a username password which is valid but different from the saved one.
A different (invalid) username password combo.
I am hoping the invalid combo forces the login window next time (or
locks you out).
Did those tests too. In all cases, I got in without seeing a login
box.
Then downloaded the log file which the PHP generates on the server and
checked it. These login tests do NOT appear on the log.
--
Jim Nagel www.archivemag.co.uk
7:59 a.m.
New subject: how to make Netsurf forget its logged-in state
In article <cc56a57f55.jim(a)abbeypress.net>,
Jim Nagel <netsurf(a)abbeypress.co.uk> wrote:
[Please reply to the list rather than to me privately.]
Ashish Gupta wrote on 13 May:
> Thanks for explaining the login process. It looks like you make use of
> Basic Auth for the login.
The PHP includes statements like this:
if (!isset($_SERVER["PHP_AUTH_USER"])
Does that confirm what you say about "Basic Auth"? Is that
something
that resides on the server as a resource for customers like me?
That variable does indeed have to do with HTTP authentication. That type
of authentication does not use cookies, but is handled by the browser
internally. It remembers the login details after you've successfully
logged in to a site, but in my experience browsers tend to forget that
after being closed down. If NetSurf retains the information, I *think*
that should be classified as a bug, but I'm not certain. I've just never
seen it happen with the browsers I use regularly.
I'll run some tests with the login details you sent me recently to see
if I can figure out where NetSurf stores this info.
Then downloaded the log file which the PHP generates on the server
and
checked it. These login tests do NOT appear on the log.
That's because they're not done by the PHP script, which is server side.
The browser does it all by itself.
Regards,
Frank
8:11 a.m.
New subject: how to make Netsurf forget its logged-in state
Just now I wrote:
I'll run some tests with the login details you sent me recently
to see
if I can figure out where NetSurf stores this info.
Interesting. If I quit NetSurf it *does* forget the login details, as I
would have expected. The authentication window pops up again after a
restart. That's with NetSurf 3.6 (Dev CI #3538). Which version are you
using?
Regards,
Frank
3:24 p.m.
New subject: how to make Netsurf forget its logged-in state
Frank de Bruijn wrote on 14 May:
If I quit NetSurf it *does* forget the login details, as I would
have
expected. The authentication window pops up again after a restart.
That's with NetSurf 3.6 (Dev CI #3538). Which version are you using?
I'm using Netsurf 3.5 #3433 (with Javascript switched off at the
moment, if that's relevant). And I'll update today, I promise. I
usually update much more frequently; the past month or two are
atypical.
You're right, though: quitting Netsurf does forget the login details.
So that's obviously the simple solution to my original problem.
Still would like to know where Netsurf stores this info -- cache? --
and if there'd be any way to erase it (i.e., to "log out") without
quitting everything else that might be open.
Further curious observation just now after restarting Netsurf: I type
the URL as http://archivemag.co.uk/Volume24/01 and give details in the
login box; I get in.
Then I type the URL as www.archivemag.co.uk/Volume24/01 -- this time
including the optional www prefix -- and the login box appears again.
So it seems Netsurf treats these as two separate cases, even though
they lead to the identical target in the website itself. OK, no harm
in that, just an observation.
--
Jim Nagel www.archivemag.co.uk
4:24 p.m.
New subject: how to make Netsurf forget its logged-in state
In article <c2b1248055.jim(a)abbeypress.net>,
Jim Nagel <netsurf(a)abbeypress.co.uk> wrote:
Still would like to know where Netsurf stores this info -- cache? --
and if there'd be any way to erase it (i.e., to "log out") without
quitting everything else that might be open.
It probably just keeps it in memory without actually storing it
anywhere. I've never been able to find any way to clear that data
without closing the browser. But I must admit it was about a decade ago
I had reason to investigate that for various browsers, so I don't know
what has changed since then. I do know my main (Linux) browser still
works like that.
Further curious observation just now after restarting Netsurf: I
type
the URL as http://archivemag.co.uk/Volume24/01 and give details in the
login box; I get in.
Then I type the URL as www.archivemag.co.uk/Volume24/01 -- this time
including the optional www prefix -- and the login box appears again.
So it seems Netsurf treats these as two separate cases, even though
they lead to the identical target in the website itself. OK, no harm
in that, just an observation.
They are separate. Two different urls. The fact they both end up at the
same location doesn't matter to the browser.
Regards,
Frank
10:20 p.m.
New subject: how to make Netsurf forget its logged-in state
In message <c2b1248055.jim(a)abbeypress.net>
Jim Nagel <netsurf(a)abbeypress.co.uk> wrote:
Frank de Bruijn wrote on 14 May:
> If I quit NetSurf it *does* forget the login details, as I would have
> expected. The authentication window pops up again after a restart.
> That's with NetSurf 3.6 (Dev CI #3538). Which version are you using?
I'm using Netsurf 3.5 #3433 (with Javascript switched off at the
moment, if that's relevant). And I'll update today, I promise. I
usually update much more frequently; the past month or two are
atypical.
You're right, though: quitting Netsurf does forget the login details.
So that's obviously the simple solution to my original problem.
Still would like to know where Netsurf stores this info -- cache? --
and if there'd be any way to erase it (i.e., to "log out") without
quitting everything else that might be open.
I've been looking at the NS source code, and it appears that the
login username and password are stored as part of the session,
which is simply in RAM - as is lots of other stuff. I don't
know of any way of deleting the session information without
quitting NS. I don't have a login to your site, but it occurred
to me that I see the same behaviour with the ROOL site, so I
tried it so as to remind myself of exactly what happens. When
I have logged in, I can close the window, then open another to
the ROOL site, whereupon I'm logged in automatically. If I quit
and restart NS and open a window to ROOL, I have to log in anew.
I get the same behaviour with Firefox on Linux. If I log in to
ROOL, open a new blank window, close the ROOL window, then open
the blank window to ROOL, I'm automatically logged in; whereas
if I log in, then quit and restart FF, I need to log in anew.
So I think that restarting NS is just what you're going to have
to do.
Dave
____________________________________________________________
Can't remember your password? Do you need a strong and secure password?
Use Password manager! It stores your passwords & protects your account.
Check it out at http://mysecurelogon.com/password-manager
8:29 a.m.
New subject: how to make Netsurf forget its logged-in state
Earlier this morning I wrote:
I'll run some tests with the login details you sent me recently
to see
if I can figure out where NetSurf stores this info.
No dice. I don't think it stores it anywhere, which is consistent with
forgetting it after shutdown.
Regards,
Frank
2508
days inactive
2509
days old
netsurf-users@netsurf-browser.org
7 comments
4 participants
participants (4)
-
Ashish Gupta -
Dave Higton -
Frank de Bruijn -
Jim Nagel