BREAKING NEWS!! v2.0 released! (see below)
For a long time I was convinced that having a form-based 'login' and a truly working 'logout' (totally independent of which browser you use) was something technically impossible to accomplish, just because of a limitation of the Basic Authentication scheme (which HFS makes use of).
Although this remains true (the Basic Auth scheme imposes limitations), recently I've discovered that HFS also supports "Digest access authentication" (besides the "Basic access authentication"). This lets HFS manage logins much better, since it makes use of a "session ID" cookie (named HFS_SID_), which gives us the possibility of having a true logout system.
But, after days of testing, I've found a bug (or an imperfect implementation in the code) that is preventing HFS from forgetting a previously logged-in session (this breaks the logout system), and it was reported HERE. I'm always talking about using a form-based login and not the internal browser popup login (to test this, you have to click cancel on that popup).
Summarizing: we could have a true logout, when this bug is fixed, and optionally, we will also need to modify the template to avoid opening the browser's login popup, since we will handle the login, only through Ajax (I've also posted there an idea to fix that too).
» How to install:
1. Be sure to use the default login of HFS v2.3m or the legacy template. *
2. In the "Virtual File System" box, right click on the first element (Home)
3. Properties
4. Diff template
5. Enter the text contained in Unauthorized-2.txt

* = Note: this diff-template could also work with other templates, but it's untested.
Differences with v1.0:
- Now using a POST request, which is more secure than the GET method.
- Enhanced password security, by using the Digest scheme instead of Basic Auth.
(jQuery-free, pure plain JavaScript with no dependencies other than md5.js)
Please report back if you find problems, or want to leave any suggestions or opinions about this.
Cheers,
Leo.-