Re: how to make Netsurf forget its logged-in state

[Richard Porter]

On 17 May 2016 Harriet Bazley  wrote:

> On 12 May 2016 as I do recall,
>   Jim Nagel  wrote:

>> Harriet Bazley  wrote on 12 May:

>> Cache: Is there an easy way to clear the Netsurf cache?  Where is it?
>>

> I don't know about 'easy'...
> It's a directory in !Scrap: .WWW.NetSurf.Cache
> It can be deleted manually, which may or may not help.

There's a nice little utility called !ShowScrap that opens the 
IDdisabled directory for you (then WWW > NetSurf > Cache as above).
I keep it on my launcher (!MenuBar).

-- 
Richard Porterhttp://www.minijem.plus.com/
Skype: minijem2   mailto:r...@minijem.plus.com
I don't want a "user experience" - I just want stuff that works.

Re: how to make Netsurf forget its logged-in state

[Harriet Bazley]

On 12 May 2016 as I do recall,
  Jim Nagel  wrote:

> Harriet Bazley  wrote on 12 May:
> > Clearing the cache/cookie file?
>
> Thanks.
>
> Cookies:  none involved -- it's my own site I'm talking about, and it
> doesn't make any cookies.
>
> Cache: Is there an easy way to clear the Netsurf cache?  Where is it?
>

I don't know about 'easy'...
It's a directory in !Scrap: .WWW.NetSurf.Cache
It can be deleted manually, which may or may not help.

-- 
Harriet Bazley ==  Loyaulte me lie ==

Sattinger's Law:  It works better if you plug it in.

Re: how to make Netsurf forget its logged-in state

[Vincent Sanders]

On Thu, May 12, 2016 at 01:21:43AM +0100, Jim Nagel wrote:
> I'm tinkering with something on my own website, an area that requires 
> the viewer to provide a username and password.
> 
> I successfully get in with my own username and password.  Now I want 
> to test those of another user.
> 
> So I click the link that takes me to the subsite -- and I'm straight 
> in; I don't see any box asking for username and password.
> 
> Tried Ctrl-F5, menu Reload, tried deleting from the History file, 
> tried quitting and relaunching Netsurf.  Still never see the login box 
> again.
> 
> How do I "log out"?  (If that's the correct term in this situation.  
> Maybe it's more like changing the "state".)
> 
> -- 
> Jim Nagelwww.archivemag.co.uk
> 
> 

You appear to be using basic authentication login. In which case you
can get all the gory details [1] on stack overflow. Efectively basic
auth has no way of logging out!

NetSurf implements basic auth by simply keeping the details in the
memory based url database untill the browser is quit (inline with
every other browser) and short of a load of javascript messing about
(which I doubt we get right) there is nothing to be done and we work
as specified.

[1] 
http://stackoverflow.com/questions/233507/how-to-log-out-user-from-web-site-using-basic-authentication


-- 
Regards Vincent
http://www.kyllikki.org/

Re: how to make Netsurf forget its logged-in state

[Peter Slegg]

> Date: Sat, 14 May 2016 14:24:46 +0100
> From: Jim Nagel <nets...@abbeypress.co.uk>
> Subject: Re: how to make Netsurf forget its logged-in state
>
> Frank de Bruijn  wrote on 14 May:
> >  If I quit NetSurf it *does* forget the login details, as I would have
> > expected. The authentication window pops up again after a restart.
> > That's with NetSurf 3.6 (Dev CI #3538). Which version are you using?
>
> I'm using Netsurf 3.5 #3433 (with Javascript switched off at the
> moment, if that's relevant).  And I'll update today, I promise.  I
> usually update much more frequently; the past month or two are
> atypical.
>
> You're right, though:  quitting Netsurf does forget the login details.
> So that's obviously the simple solution to my original problem.
>
> Still would like to know where Netsurf stores this info -- cache? --
> and if there'd be any way to erase it (i.e., to "log out") without
> quitting everything else that might be open.
>
>

This sounds like the sort of session behaviour that (Oracle) single sign-on
provides. Once you sign-in the browser remembers until you close the whole
browser, this is how IE, Firefox behave with Oracle sso.

Peter

Re: how to make Netsurf forget its logged-in state

[Dave Higton]

In message 
  Jim Nagel  wrote:

>Frank de Bruijn  wrote on 14 May:
>>  If I quit NetSurf it *does* forget the login details, as I would have
>> expected. The authentication window pops up again after a restart.
>> That's with NetSurf 3.6 (Dev CI #3538). Which version are you using?
>
>I'm using Netsurf 3.5 #3433 (with Javascript switched off at the 
>moment, if that's relevant).  And I'll update today, I promise.  I 
>usually update much more frequently; the past month or two are 
>atypical.
>
>You're right, though:  quitting Netsurf does forget the login details.  
>So that's obviously the simple solution to my original problem.
>
>Still would like to know where Netsurf stores this info -- cache? -- 
>and if there'd be any way to erase it (i.e., to "log out") without 
>quitting everything else that might be open.

I've been looking at the NS source code, and it appears that the
login username and password are stored as part of the session,
which is simply in RAM - as is lots of other stuff.  I don't
know of any way of deleting the session information without
quitting NS.  I don't have a login to your site, but it occurred
to me that I see the same behaviour with the ROOL site, so I
tried it so as to remind myself of exactly what happens.  When
I have logged in, I can close the window, then open another to
the ROOL site, whereupon I'm logged in automatically.  If I quit
and restart NS and open a window to ROOL, I have to log in anew.

I get the same behaviour with Firefox on Linux.  If I log in to
ROOL, open a new blank window, close the ROOL window, then open
the blank window to ROOL, I'm automatically logged in; whereas
if I log in, then quit and restart FF, I need to log in anew.

So I think that restarting NS is just what you're going to have
to do.

Dave


Can't remember your password? Do you need a strong and secure password?
Use Password manager! It stores your passwords & protects your account.
Check it out at http://mysecurelogon.com/password-manager

Re: how to make Netsurf forget its logged-in state

[Frank de Bruijn]

In article ,
   Jim Nagel  wrote:
> Still would like to know where Netsurf stores this info -- cache? --
> and if there'd be any way to erase it (i.e., to "log out") without
> quitting everything else that might be open.

It probably just keeps it in memory without actually storing it
anywhere. I've never been able to find any way to clear that data
without closing the browser. But I must admit it was about a decade ago
I had reason to investigate that for various browsers, so I don't know
what has changed since then. I do know my main (Linux) browser still
works like that.

> Further curious observation just now after restarting Netsurf:  I type
> the URL as http://archivemag.co.uk/Volume24/01 and give details in the
> login box; I get in.
>   Then I type the URL as www.archivemag.co.uk/Volume24/01 -- this time
> including the optional www prefix -- and the login box appears again.
>   So it seems Netsurf treats these as two separate cases, even though
> they lead to the identical target in the website itself.  OK, no harm
> in that, just an observation.

They are separate. Two different urls. The fact they both end up at the
same location doesn't matter to the browser.

Regards,
Frank

Re: how to make Netsurf forget its logged-in state

[Jim Nagel]

Frank de Bruijn  wrote on 14 May:
>  If I quit NetSurf it *does* forget the login details, as I would have
> expected. The authentication window pops up again after a restart.
> That's with NetSurf 3.6 (Dev CI #3538). Which version are you using?

I'm using Netsurf 3.5 #3433 (with Javascript switched off at the 
moment, if that's relevant).  And I'll update today, I promise.  I 
usually update much more frequently; the past month or two are 
atypical.

You're right, though:  quitting Netsurf does forget the login details.  
So that's obviously the simple solution to my original problem.

Still would like to know where Netsurf stores this info -- cache? -- 
and if there'd be any way to erase it (i.e., to "log out") without 
quitting everything else that might be open.


Further curious observation just now after restarting Netsurf:  I type 
the URL as http://archivemag.co.uk/Volume24/01 and give details in the 
login box; I get in.
  Then I type the URL as www.archivemag.co.uk/Volume24/01 -- this time 
including the optional www prefix -- and the login box appears again.
  So it seems Netsurf treats these as two separate cases, even though 
they lead to the identical target in the website itself.  OK, no harm 
in that, just an observation.

-- 
Jim Nagelwww.archivemag.co.uk

Re: how to make Netsurf forget its logged-in state

[Frank de Bruijn]

In article ,
   Jim Nagel  wrote:
>  [Please reply to the list rather than to me privately.]

> Ashish Gupta  wrote on 13 May:
> > Thanks for explaining the login process. It looks like you make use of
> > Basic Auth for the login.

> The PHP includes statements like this:
>  if (!isset($_SERVER["PHP_AUTH_USER"])

> Does that confirm what you say about "Basic Auth"?  Is that something
> that resides on the server as a resource for customers like me?

That variable does indeed have to do with HTTP authentication. That type
of authentication does not use cookies, but is handled by the browser
internally. It remembers the login details after you've successfully
logged in to a site, but in my experience browsers tend to forget that
after being closed down. If NetSurf retains the information, I *think*
that should be classified as a bug, but I'm not certain. I've just never
seen it happen with the browsers I use regularly.

I'll run some tests with the login details you sent me recently to see
if I can figure out where NetSurf stores this info.

> Then downloaded the log file which the PHP generates on the server and
> checked it.  These login tests do NOT appear on the log.

That's because they're not done by the PHP script, which is server side.
The browser does it all by itself.

Regards,
Frank

Re: how to make Netsurf forget its logged-in state

[Jim Nagel]

 [Please reply to the list rather than to me privately.]

Ashish Gupta  wrote on 13 May:
> Thanks for explaining the login process. It looks like you make use of
> Basic Auth for the login.

The PHP includes statements like this:
 if (!isset($_SERVER["PHP_AUTH_USER"])

Does that confirm what you say about "Basic Auth"?  Is that something 
that resides on the server as a resource for customers like me?  (As 
you can see, my knowledge of PHP is minimal; this routine was written 
for me by somebody else.)


> I think you should be able to destroy the saved state if you login
> using another username and password.

> Could you try doing this ?
> Open this URL, http://username:passw...@yoursite.com in netsurf.

Did that, using a different valid username as part of the URL, as you 
suggest.  Got in without seeing a login box.

> Could you try a couple of cases ?
> One, a username password which is valid but different from the saved one.

> A different (invalid) username password combo.
> I am hoping the invalid combo forces the login window next time (or
> locks you out).

Did those tests too.  In all cases, I got in without seeing a login 
box.

Then downloaded the log file which the PHP generates on the server and 
checked it.  These login tests do NOT appear on the log.

-- 
Jim Nagelwww.archivemag.co.uk

Re: how to make Netsurf forget its logged-in state

[Ashish Gupta]

Thanks for explaining the login process. It looks like you make use of
Basic Auth for the login. I think you should be able to destroy the saved
state if you login using another username and password.

Could you try doing this ?
Open this URL, http://username:passw...@yoursite.com in netsurf.

Could you try a couple of cases ?
One, a username password which is valid but different from the saved one.

A different (invalid) username password combo.
I am hoping the invalid combo forces the login window next time (or locks
you out).

On May 12, 2016 10:31 PM, "Jim Nagel"  wrote:
>
> Ashish Gupta  wrote on 12 May:
> > It would help if you could elaborate on this login process that your
> > site relies on.
>
> It's a pretty simple PHP script that asks for a username and password.
> The user submits* these, the PHP checks against its list of authorized
> users, if there's a match you're in.
>
> The username and password are input via a standard dialogue box, which
> I guess is provided by the OS or by the browser -- the RiscOS box is
> most familiar to me.
>I also tested with Firefox on Windows and saw an equivalent box
> there, followed by a popup box that asked if I want Firefox to
> remember the details for next time; I said no.  RiscOS had no such
> popup.
>Also tested with the default browser on my Android phone:  again an
> equivalent login box.  Tried that one again just now (two or three
> hours after first access):  I'm straight in without being asked for
> username and password.
>
>
> > I am also curious to know how a session is maintained as you mentioned
> > that cookies are not used.
>
> Exactly what I too am curious about.
>When I asked my PHP guru about this, he said HTML is "stateless" --
> meaning, I think, that HTML itself does not register the state of
> logged-in-ness.
>
> --
> Jim Nagelwww.archivemag.co.uk

Re: how to make Netsurf forget its logged-in state

[Ashish Gupta]

It would help if you could elaborate on this login process that your site
relies on . I am also curious to know how a session is maintained as you
mentioned that cookies are not used.
On May 12, 2016 8:27 PM, "Jim Nagel"  wrote:

> Harriet Bazley  wrote on 12 May:
> > Clearing the cache/cookie file?
>
> Thanks.
>
> Cookies:  none involved -- it's my own site I'm talking about, and it
> doesn't make any cookies.
>
> Cache: Is there an easy way to clear the Netsurf cache?  Where is it?
>
> >From the web page displayed in Netsurf, menu>Utilities offers Hotlist,
> History and Cookies; no mention of Cache.  The relevant History entry
> can be cleared, but that does not cure my present problem.
>
> Iconbar menu leads to History and to Cookies, but no mention of Cache.
>
> Iconbar Choices includes Cache, but the resulting dialogue does not
> mention clearing it.
>
> --
> Jim Nagelwww.archivemag.co.uk
>
>

Re: how to make Netsurf forget its logged-in state

[Jim Nagel]

Harriet Bazley  wrote on 12 May:
> Clearing the cache/cookie file?

Thanks.

Cookies:  none involved -- it's my own site I'm talking about, and it 
doesn't make any cookies.

Cache: Is there an easy way to clear the Netsurf cache?  Where is it?

>From the web page displayed in Netsurf, menu>Utilities offers Hotlist, 
History and Cookies; no mention of Cache.  The relevant History entry 
can be cleared, but that does not cure my present problem.

Iconbar menu leads to History and to Cookies, but no mention of Cache.

Iconbar Choices includes Cache, but the resulting dialogue does not 
mention clearing it.

-- 
Jim Nagelwww.archivemag.co.uk

Re: how to make Netsurf forget its logged-in state

[Harriet Bazley]

On 12 May 2016 as I do recall,
  Jim Nagel  wrote:

> I'm tinkering with something on my own website, an area that requires
> the viewer to provide a username and password.
>
> I successfully get in with my own username and password.  Now I want
> to test those of another user.
>
> So I click the link that takes me to the subsite -- and I'm straight
> in; I don't see any box asking for username and password.
>
> Tried Ctrl-F5, menu Reload, tried deleting from the History file,
> tried quitting and relaunching Netsurf.  Still never see the login box
> again.
>
> How do I "log out"?  (If that's the correct term in this situation.
> Maybe it's more like changing the "state".)
>

Clearing the cache/cookie file?

(This worked for me in a remote site where the 'logout' link didn't function
with Netsurf, but then the site was setting cookies to store log-in status.)

-- 
Harriet Bazley ==  Loyaulte me lie ==

We prefer to speak evil of ourselves than not speak of ourselves at all.