Re: how to make Netsurf forget its logged-in state
On 17 May 2016 Harriet Bazley wrote: > On 12 May 2016 as I do recall, > Jim Nagel wrote: >> Harriet Bazley wrote on 12 May: >> Cache: Is there an easy way to clear the Netsurf cache? Where is it? >> > I don't know about 'easy'... > It's a directory in !Scrap:.WWW.NetSurf.Cache > It can be deleted manually, which may or may not help. There's a nice little utility called !ShowScrap that opens the IDdisabled directory for you (then WWW > NetSurf > Cache as above). I keep it on my launcher (!MenuBar). -- Richard Porterhttp://www.minijem.plus.com/ Skype: minijem2 mailto:r...@minijem.plus.com I don't want a "user experience" - I just want stuff that works.
Re: how to make Netsurf forget its logged-in state
On 12 May 2016 as I do recall, Jim Nagel wrote: > Harriet Bazley wrote on 12 May: > > Clearing the cache/cookie file? > > Thanks. > > Cookies: none involved -- it's my own site I'm talking about, and it > doesn't make any cookies. > > Cache: Is there an easy way to clear the Netsurf cache? Where is it? > I don't know about 'easy'... It's a directory in !Scrap:.WWW.NetSurf.Cache It can be deleted manually, which may or may not help. -- Harriet Bazley == Loyaulte me lie == Sattinger's Law: It works better if you plug it in.
Re: how to make Netsurf forget its logged-in state
On Thu, May 12, 2016 at 01:21:43AM +0100, Jim Nagel wrote: > I'm tinkering with something on my own website, an area that requires > the viewer to provide a username and password. > > I successfully get in with my own username and password. Now I want > to test those of another user. > > So I click the link that takes me to the subsite -- and I'm straight > in; I don't see any box asking for username and password. > > Tried Ctrl-F5, menu Reload, tried deleting from the History file, > tried quitting and relaunching Netsurf. Still never see the login box > again. > > How do I "log out"? (If that's the correct term in this situation. > Maybe it's more like changing the "state".) > > -- > Jim Nagelwww.archivemag.co.uk > > You appear to be using basic authentication login. In which case you can get all the gory details [1] on stack overflow. Efectively basic auth has no way of logging out! NetSurf implements basic auth by simply keeping the details in the memory based url database untill the browser is quit (inline with every other browser) and short of a load of javascript messing about (which I doubt we get right) there is nothing to be done and we work as specified. [1] http://stackoverflow.com/questions/233507/how-to-log-out-user-from-web-site-using-basic-authentication -- Regards Vincent http://www.kyllikki.org/
Re: how to make Netsurf forget its logged-in state
> Date: Sat, 14 May 2016 14:24:46 +0100 > From: Jim Nagel <nets...@abbeypress.co.uk> > Subject: Re: how to make Netsurf forget its logged-in state > > Frank de Bruijn wrote on 14 May: > > If I quit NetSurf it *does* forget the login details, as I would have > > expected. The authentication window pops up again after a restart. > > That's with NetSurf 3.6 (Dev CI #3538). Which version are you using? > > I'm using Netsurf 3.5 #3433 (with Javascript switched off at the > moment, if that's relevant). And I'll update today, I promise. I > usually update much more frequently; the past month or two are > atypical. > > You're right, though: quitting Netsurf does forget the login details. > So that's obviously the simple solution to my original problem. > > Still would like to know where Netsurf stores this info -- cache? -- > and if there'd be any way to erase it (i.e., to "log out") without > quitting everything else that might be open. > > This sounds like the sort of session behaviour that (Oracle) single sign-on provides. Once you sign-in the browser remembers until you close the whole browser, this is how IE, Firefox behave with Oracle sso. Peter
Re: how to make Netsurf forget its logged-in state
In messageJim Nagel wrote: >Frank de Bruijn wrote on 14 May: >> If I quit NetSurf it *does* forget the login details, as I would have >> expected. The authentication window pops up again after a restart. >> That's with NetSurf 3.6 (Dev CI #3538). Which version are you using? > >I'm using Netsurf 3.5 #3433 (with Javascript switched off at the >moment, if that's relevant). And I'll update today, I promise. I >usually update much more frequently; the past month or two are >atypical. > >You're right, though: quitting Netsurf does forget the login details. >So that's obviously the simple solution to my original problem. > >Still would like to know where Netsurf stores this info -- cache? -- >and if there'd be any way to erase it (i.e., to "log out") without >quitting everything else that might be open. I've been looking at the NS source code, and it appears that the login username and password are stored as part of the session, which is simply in RAM - as is lots of other stuff. I don't know of any way of deleting the session information without quitting NS. I don't have a login to your site, but it occurred to me that I see the same behaviour with the ROOL site, so I tried it so as to remind myself of exactly what happens. When I have logged in, I can close the window, then open another to the ROOL site, whereupon I'm logged in automatically. If I quit and restart NS and open a window to ROOL, I have to log in anew. I get the same behaviour with Firefox on Linux. If I log in to ROOL, open a new blank window, close the ROOL window, then open the blank window to ROOL, I'm automatically logged in; whereas if I log in, then quit and restart FF, I need to log in anew. So I think that restarting NS is just what you're going to have to do. Dave Can't remember your password? Do you need a strong and secure password? Use Password manager! It stores your passwords & protects your account. Check it out at http://mysecurelogon.com/password-manager
Re: how to make Netsurf forget its logged-in state
In article, Jim Nagel wrote: > Still would like to know where Netsurf stores this info -- cache? -- > and if there'd be any way to erase it (i.e., to "log out") without > quitting everything else that might be open. It probably just keeps it in memory without actually storing it anywhere. I've never been able to find any way to clear that data without closing the browser. But I must admit it was about a decade ago I had reason to investigate that for various browsers, so I don't know what has changed since then. I do know my main (Linux) browser still works like that. > Further curious observation just now after restarting Netsurf: I type > the URL as http://archivemag.co.uk/Volume24/01 and give details in the > login box; I get in. > Then I type the URL as www.archivemag.co.uk/Volume24/01 -- this time > including the optional www prefix -- and the login box appears again. > So it seems Netsurf treats these as two separate cases, even though > they lead to the identical target in the website itself. OK, no harm > in that, just an observation. They are separate. Two different urls. The fact they both end up at the same location doesn't matter to the browser. Regards, Frank
Re: how to make Netsurf forget its logged-in state
Frank de Bruijn wrote on 14 May: > If I quit NetSurf it *does* forget the login details, as I would have > expected. The authentication window pops up again after a restart. > That's with NetSurf 3.6 (Dev CI #3538). Which version are you using? I'm using Netsurf 3.5 #3433 (with Javascript switched off at the moment, if that's relevant). And I'll update today, I promise. I usually update much more frequently; the past month or two are atypical. You're right, though: quitting Netsurf does forget the login details. So that's obviously the simple solution to my original problem. Still would like to know where Netsurf stores this info -- cache? -- and if there'd be any way to erase it (i.e., to "log out") without quitting everything else that might be open. Further curious observation just now after restarting Netsurf: I type the URL as http://archivemag.co.uk/Volume24/01 and give details in the login box; I get in. Then I type the URL as www.archivemag.co.uk/Volume24/01 -- this time including the optional www prefix -- and the login box appears again. So it seems Netsurf treats these as two separate cases, even though they lead to the identical target in the website itself. OK, no harm in that, just an observation. -- Jim Nagelwww.archivemag.co.uk
Re: how to make Netsurf forget its logged-in state
In article, Jim Nagel wrote: > [Please reply to the list rather than to me privately.] > Ashish Gupta wrote on 13 May: > > Thanks for explaining the login process. It looks like you make use of > > Basic Auth for the login. > The PHP includes statements like this: > if (!isset($_SERVER["PHP_AUTH_USER"]) > Does that confirm what you say about "Basic Auth"? Is that something > that resides on the server as a resource for customers like me? That variable does indeed have to do with HTTP authentication. That type of authentication does not use cookies, but is handled by the browser internally. It remembers the login details after you've successfully logged in to a site, but in my experience browsers tend to forget that after being closed down. If NetSurf retains the information, I *think* that should be classified as a bug, but I'm not certain. I've just never seen it happen with the browsers I use regularly. I'll run some tests with the login details you sent me recently to see if I can figure out where NetSurf stores this info. > Then downloaded the log file which the PHP generates on the server and > checked it. These login tests do NOT appear on the log. That's because they're not done by the PHP script, which is server side. The browser does it all by itself. Regards, Frank
Re: how to make Netsurf forget its logged-in state
[Please reply to the list rather than to me privately.] Ashish Gupta wrote on 13 May: > Thanks for explaining the login process. It looks like you make use of > Basic Auth for the login. The PHP includes statements like this: if (!isset($_SERVER["PHP_AUTH_USER"]) Does that confirm what you say about "Basic Auth"? Is that something that resides on the server as a resource for customers like me? (As you can see, my knowledge of PHP is minimal; this routine was written for me by somebody else.) > I think you should be able to destroy the saved state if you login > using another username and password. > Could you try doing this ? > Open this URL, http://username:passw...@yoursite.com in netsurf. Did that, using a different valid username as part of the URL, as you suggest. Got in without seeing a login box. > Could you try a couple of cases ? > One, a username password which is valid but different from the saved one. > A different (invalid) username password combo. > I am hoping the invalid combo forces the login window next time (or > locks you out). Did those tests too. In all cases, I got in without seeing a login box. Then downloaded the log file which the PHP generates on the server and checked it. These login tests do NOT appear on the log. -- Jim Nagelwww.archivemag.co.uk
Re: how to make Netsurf forget its logged-in state
Thanks for explaining the login process. It looks like you make use of Basic Auth for the login. I think you should be able to destroy the saved state if you login using another username and password. Could you try doing this ? Open this URL, http://username:passw...@yoursite.com in netsurf. Could you try a couple of cases ? One, a username password which is valid but different from the saved one. A different (invalid) username password combo. I am hoping the invalid combo forces the login window next time (or locks you out). On May 12, 2016 10:31 PM, "Jim Nagel"wrote: > > Ashish Gupta wrote on 12 May: > > It would help if you could elaborate on this login process that your > > site relies on. > > It's a pretty simple PHP script that asks for a username and password. > The user submits* these, the PHP checks against its list of authorized > users, if there's a match you're in. > > The username and password are input via a standard dialogue box, which > I guess is provided by the OS or by the browser -- the RiscOS box is > most familiar to me. >I also tested with Firefox on Windows and saw an equivalent box > there, followed by a popup box that asked if I want Firefox to > remember the details for next time; I said no. RiscOS had no such > popup. >Also tested with the default browser on my Android phone: again an > equivalent login box. Tried that one again just now (two or three > hours after first access): I'm straight in without being asked for > username and password. > > > > I am also curious to know how a session is maintained as you mentioned > > that cookies are not used. > > Exactly what I too am curious about. >When I asked my PHP guru about this, he said HTML is "stateless" -- > meaning, I think, that HTML itself does not register the state of > logged-in-ness. > > -- > Jim Nagelwww.archivemag.co.uk
Re: how to make Netsurf forget its logged-in state
It would help if you could elaborate on this login process that your site relies on . I am also curious to know how a session is maintained as you mentioned that cookies are not used. On May 12, 2016 8:27 PM, "Jim Nagel"wrote: > Harriet Bazley wrote on 12 May: > > Clearing the cache/cookie file? > > Thanks. > > Cookies: none involved -- it's my own site I'm talking about, and it > doesn't make any cookies. > > Cache: Is there an easy way to clear the Netsurf cache? Where is it? > > >From the web page displayed in Netsurf, menu>Utilities offers Hotlist, > History and Cookies; no mention of Cache. The relevant History entry > can be cleared, but that does not cure my present problem. > > Iconbar menu leads to History and to Cookies, but no mention of Cache. > > Iconbar Choices includes Cache, but the resulting dialogue does not > mention clearing it. > > -- > Jim Nagelwww.archivemag.co.uk > >
Re: how to make Netsurf forget its logged-in state
Harriet Bazley wrote on 12 May: > Clearing the cache/cookie file? Thanks. Cookies: none involved -- it's my own site I'm talking about, and it doesn't make any cookies. Cache: Is there an easy way to clear the Netsurf cache? Where is it? >From the web page displayed in Netsurf, menu>Utilities offers Hotlist, History and Cookies; no mention of Cache. The relevant History entry can be cleared, but that does not cure my present problem. Iconbar menu leads to History and to Cookies, but no mention of Cache. Iconbar Choices includes Cache, but the resulting dialogue does not mention clearing it. -- Jim Nagelwww.archivemag.co.uk
Re: how to make Netsurf forget its logged-in state
On 12 May 2016 as I do recall, Jim Nagel wrote: > I'm tinkering with something on my own website, an area that requires > the viewer to provide a username and password. > > I successfully get in with my own username and password. Now I want > to test those of another user. > > So I click the link that takes me to the subsite -- and I'm straight > in; I don't see any box asking for username and password. > > Tried Ctrl-F5, menu Reload, tried deleting from the History file, > tried quitting and relaunching Netsurf. Still never see the login box > again. > > How do I "log out"? (If that's the correct term in this situation. > Maybe it's more like changing the "state".) > Clearing the cache/cookie file? (This worked for me in a remote site where the 'logout' link didn't function with Netsurf, but then the site was setting cookies to store log-in status.) -- Harriet Bazley == Loyaulte me lie == We prefer to speak evil of ourselves than not speak of ourselves at all.