Invalidating session in spring mvc

Have this function send the XMLHttp Request with a bad username and password. Then set document.location back to the pre-login page.

The following function is confirmed working for Firefox 40, Chrome 44, Opera 31 and IE 11.

Bowser is used for browser detection, j Query is also used.

Is it possible to log out user from a web site if he is using basic authentication?

Killing session is not enough, since, once user is authenticated, each request contains login info, so user is automatically logged in next time he/she access the site using the same credentials.

Example for Nginx: Based on what I read above I got a simple solution that works on any browser: 1) on you logout page you call an ajax to your login back end. Once the back end accept, the browser clear the current user and assumes the "logout" user.

2) Now when the user got back to the normal index file it will try to automatic enter in the system with the user "logout", on this second time you must block it by reply with 401 to invoke the login/password dialog.

We’ll improve on the application in the second and subsequent installments, but the main changes after this are architectural rather than functional.

HTML5, rich browser-based features, and the "single page application" are extremely valuable tools for modern developers, but any meaningful interactions will involve a backend server, so as well as static content (HTML, CSS and Java Script) we are going to need a backend server.

There are "hacks" (see other answers) typically involving using XMLHttp Request to send an HTTP request with incorrect credentials to overwrite the ones originally supplied. On error page (which must be accessible without basic auth) you need to provide a full link to your home page (including scheme and hostname).

User will click this link and browser will ask for credentials again.

The backend server can play any or all of a number of roles: serving static content, sometimes (but not so often these days) rendering dynamic HTML, authenticating users, securing access to protected resources, and (last but not least) interacting with Java Script in the browser through HTTP and JSON (sometimes referred to as a REST API).

Tags: , ,