rejetto forum

A Method to Logout a User With.

H Iris · 2 · 1967


H Iris
The file system I used to test this was:

/Members/{Admin; User1}
----------/Downloads/{all users}
---------------------/fileA.txt
----------/Uploads/{all users}
----------/Logout/{@ anonymous}

Now, for Firefox and Safari, password protect /Members/ with whatever accounts you want (in my test, Admin and User1) and then password protect /Logout/ for @anonymous.

The user clicks /Logout/ and then hits Cancel at the login prompt; they come up with "Unauthorised" in Firefox, and in Safari nothing happens to the screen.
NOTE FOR SAFARI:
But in Safari, if you click /Logout/ again, you go through to "No Files" and in the top left
'Login' instead of their user name, and when clicking on 'Up' they are prompted for their
login again. Most importantly, no amount of clicking 'Up' lets them back into the
/Members/ folder.

The Clincher:
For both Firefox and Safari, clicking the Back button from /Logout/ (well, whatever they each see) will take them back to members.

**Collective Gasp from the Audience**

However, none of the folders can be accessed if you don't have the password.
Also, I found out that if my web history goes:

/Members/
/Downloads/
/Members/ (Used the 'Up' button)
/Logout/

and then I leave the computer alone, even if Back is clicked until /Downloads/ is on the screen, /fileA.txt cannot be downloaded without a password, and if they click back past the first /Members/ page, clicking forwards, looking at the history and so on won't help them, because the pages cannot be accessed without a username and password.

However, for the people who use Internet Explorer (8 and 6 tested), /Logout/ doesn't work. The back button and history will get you in every time.

So the simple answer is you can still use IE. Just add another user called 'logout' with no password (or, as I initially did, use 'logout' as the password as well) and change the file name to /Logout - User: logout - No Pass/ (or, if there is a password, /... - Pass: logout/).
This prevents history and the back button being used, because that computer is logged into 'logout' and not able to access the other folders.

If someone finds a hole in this please tell me. http://www.anonomi.com/7hiris

But this does solve the problem of borrowing someone's computer to check a hosted server and then opening it in the web browser that they already have open (new tab or EVEN a new window) and then shutting that so they can continue using the browser and then realising that they have stolen your files. Because for Safari and Firefox ALL windows and tabs must be shut to use that as the logout.
« Last Edit: May 20, 2009, 04:42:16 AM by H Iris »
This post is transmitted on 100% recycled electrons
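
An added illustration, not part of the original post and not HFS code, of why the 'logout' account workaround described above holds. It assumes the login prompt is HTTP Basic authentication, where the browser resends one cached credential with every request; the passwords, the `/Members/Logout/` path and all function names are constructed for the example.

```python
import base64
import hmac

# Constructed stand-ins for the post's accounts and folders (passwords are made up).
ACCOUNTS = {"Admin": "admin-pw", "User1": "user1-pw", "logout": ""}
ACL = {"/Members/": {"Admin", "User1"}, "/Members/Logout/": {"logout"}}

def parse_basic(header):
    """Return (user, password) from an Authorization header, or None if unusable."""
    if not header or not header.lower().startswith("basic "):
        return None
    try:
        decoded = base64.b64decode(header[6:], validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None
    user, sep, password = decoded.partition(":")
    return (user, password) if sep else None

def decide(path, header):
    """Server side: each request is judged only on the credentials it carries."""
    prefix = max((p for p in ACL if path.startswith(p)), key=len, default=None)
    if prefix is None:
        return 200  # unprotected path
    creds = parse_basic(header)
    if creds:
        expected = ACCOUNTS.get(creds[0])
        if (expected is not None and creds[0] in ACL[prefix]
                and hmac.compare_digest(expected.encode(), creds[1].encode())):
            return 200
    return 401  # the browser would show its login prompt

class Browser:
    """Client side: one cached credential for the site, resent with every request."""
    def __init__(self):
        self.cached = None
    def login(self, user, password):
        token = base64.b64encode(f"{user}:{password}".encode()).decode()
        self.cached = "Basic " + token
    def get(self, path):
        return decide(path, self.cached)

def demo():
    b = Browser()
    b.login("User1", "user1-pw")
    before = b.get("/Members/Downloads/fileA.txt")
    b.login("logout", "")                          # user answers the /Logout/ prompt
    at_logout = b.get("/Members/Logout/")
    after = b.get("/Members/Downloads/fileA.txt")  # Back button or history entry
    return before, at_logout, after
```

The server keeps no session in this model, so the only "logout" is the browser overwriting its cached credential; anything still rendered from the browser's local cache is outside what the server can control.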


rejetto
welcome Iris!
thank you for sharing this, i will look into it when i'm not overloaded by my job!