how to make Netsurf forget its logged-in state

Jim Nagel netsurf at abbeypress.co.uk
Fri May 13 15:13:42 BST 2016


     [Please reply to the list rather than to me privately.]

Ashish Gupta  wrote on 13 May:
> Thanks for explaining the login process. It looks like you make use of
> Basic Auth for the login.

The PHP includes statements like this:
     if (!isset($_SERVER["PHP_AUTH_USER"])

Does that confirm what you say about "Basic Auth"?  Is that something 
that resides on the server as a resource for customers like me?  (As 
you can see, my knowledge of PHP is minimal; this routine was written 
for me by somebody else.)


> I think you should be able to destroy the saved state if you login
> using another username and password.

> Could you try doing this ?
> Open this URL, http://username:password@yoursite.com in netsurf.

Did that, using a different valid username as part of the URL, as you 
suggest.  Got in without seeing a login box.

> Could you try a couple of cases ?
> One, a username password which is valid but different from the saved one.

> A different (invalid) username password combo.
> I am hoping the invalid combo forces the login window next time (or
> locks you out).

Did those tests too.  In all cases, I got in without seeing a login 
box.

Then downloaded the log file which the PHP generates on the server and 
checked it.  These login tests do NOT appear on the log.

-- 
Jim Nagel                        www.archivemag.co.uk



More information about the netsurf-users mailing list