Re: how to make Netsurf forget its logged-in state

[Dave Higton]

In message 
  Jim Nagel  wrote:

>Frank de Bruijn  wrote on 14 May:
>>  If I quit NetSurf it *does* forget the login details, as I would have
>> expected. The authentication window pops up again after a restart.
>> That's with NetSurf 3.6 (Dev CI #3538). Which version are you using?
>
>I'm using Netsurf 3.5 #3433 (with Javascript switched off at the 
>moment, if that's relevant).  And I'll update today, I promise.  I 
>usually update much more frequently; the past month or two are 
>atypical.
>
>You're right, though:  quitting Netsurf does forget the login details.  
>So that's obviously the simple solution to my original problem.
>
>Still would like to know where Netsurf stores this info -- cache? -- 
>and if there'd be any way to erase it (i.e., to "log out") without 
>quitting everything else that might be open.

I've been looking at the NS source code, and it appears that the
login username and password are stored as part of the session,
which is simply in RAM - as is lots of other stuff.  I don't
know of any way of deleting the session information without
quitting NS.  I don't have a login to your site, but it occurred
to me that I see the same behaviour with the ROOL site, so I
tried it so as to remind myself of exactly what happens.  When
I have logged in, I can close the window, then open another to
the ROOL site, whereupon I'm logged in automatically.  If I quit
and restart NS and open a window to ROOL, I have to log in anew.

I get the same behaviour with Firefox on Linux.  If I log in to
ROOL, open a new blank window, close the ROOL window, then open
the blank window to ROOL, I'm automatically logged in; whereas
if I log in, then quit and restart FF, I need to log in anew.

So I think that restarting NS is just what you're going to have
to do.

Dave


Can't remember your password? Do you need a strong and secure password?
Use Password manager! It stores your passwords & protects your account.
Check it out at http://mysecurelogon.com/password-manager

Re: how to make Netsurf forget its logged-in state

[Frank de Bruijn]

In article ,
   Jim Nagel  wrote:
> Still would like to know where Netsurf stores this info -- cache? --
> and if there'd be any way to erase it (i.e., to "log out") without
> quitting everything else that might be open.

It probably just keeps it in memory without actually storing it
anywhere. I've never been able to find any way to clear that data
without closing the browser. But I must admit it was about a decade ago
I had reason to investigate that for various browsers, so I don't know
what has changed since then. I do know my main (Linux) browser still
works like that.

> Further curious observation just now after restarting Netsurf:  I type
> the URL as http://archivemag.co.uk/Volume24/01 and give details in the
> login box; I get in.
>   Then I type the URL as www.archivemag.co.uk/Volume24/01 -- this time
> including the optional www prefix -- and the login box appears again.
>   So it seems Netsurf treats these as two separate cases, even though
> they lead to the identical target in the website itself.  OK, no harm
> in that, just an observation.

They are separate. Two different urls. The fact they both end up at the
same location doesn't matter to the browser.

Regards,
Frank

Re: how to make Netsurf forget its logged-in state

[Jim Nagel]

Frank de Bruijn  wrote on 14 May:
>  If I quit NetSurf it *does* forget the login details, as I would have
> expected. The authentication window pops up again after a restart.
> That's with NetSurf 3.6 (Dev CI #3538). Which version are you using?

I'm using Netsurf 3.5 #3433 (with Javascript switched off at the 
moment, if that's relevant).  And I'll update today, I promise.  I 
usually update much more frequently; the past month or two are 
atypical.

You're right, though:  quitting Netsurf does forget the login details.  
So that's obviously the simple solution to my original problem.

Still would like to know where Netsurf stores this info -- cache? -- 
and if there'd be any way to erase it (i.e., to "log out") without 
quitting everything else that might be open.


Further curious observation just now after restarting Netsurf:  I type 
the URL as http://archivemag.co.uk/Volume24/01 and give details in the 
login box; I get in.
  Then I type the URL as www.archivemag.co.uk/Volume24/01 -- this time 
including the optional www prefix -- and the login box appears again.
  So it seems Netsurf treats these as two separate cases, even though 
they lead to the identical target in the website itself.  OK, no harm 
in that, just an observation.

-- 
Jim Nagelwww.archivemag.co.uk

how to make Netsurf forget its logged-in state

[Frank de Bruijn]

Earlier this morning I wrote:
> I'll run some tests with the login details you sent me recently to see
> if I can figure out where NetSurf stores this info.

No dice. I don't think it stores it anywhere, which is consistent with
forgetting it after shutdown.

Regards,
Frank

Re: how to make Netsurf forget its logged-in state

[Frank de Bruijn]

In article ,
   Jim Nagel  wrote:
>  [Please reply to the list rather than to me privately.]

> Ashish Gupta  wrote on 13 May:
> > Thanks for explaining the login process. It looks like you make use of
> > Basic Auth for the login.

> The PHP includes statements like this:
>  if (!isset($_SERVER["PHP_AUTH_USER"])

> Does that confirm what you say about "Basic Auth"?  Is that something
> that resides on the server as a resource for customers like me?

That variable does indeed have to do with HTTP authentication. That type
of authentication does not use cookies, but is handled by the browser
internally. It remembers the login details after you've successfully
logged in to a site, but in my experience browsers tend to forget that
after being closed down. If NetSurf retains the information, I *think*
that should be classified as a bug, but I'm not certain. I've just never
seen it happen with the browsers I use regularly.

I'll run some tests with the login details you sent me recently to see
if I can figure out where NetSurf stores this info.

> Then downloaded the log file which the PHP generates on the server and
> checked it.  These login tests do NOT appear on the log.

That's because they're not done by the PHP script, which is server side.
The browser does it all by itself.

Regards,
Frank