Lotus Notes FAQ Visit Our Sponsor!

How do you add a logoff button for web users?

Using the username:password@www.company.com URL does not work because the browser thinks your realm is "username:password@www.company.com" instead of "www.company.com".

You can use a Java servlet to pass a 401 exception to the browser to log someone off of TestRealm (in most cases, this is "www.company.com" or "/"):

// From Terry Courtney
import java.io.*;
import javax.servlet.*;
import javax.servlet.http.*;

public class LogOff extends HttpServlet {
  public void init(ServletConfig config)
  throws ServletException
    super.init(config) ;

  public void doGet (HttpServletRequest req, HttpServletResponse res)
  throws ServletException, IOException
    String auth ;

    // get output streem
    ServletOutputStream out = res.getOutputStream() ;
    // get authorization from header (if it exists, user is logged in)
    auth = req.getHeader("Authorization") ;
    if (auth != null) {
      // force prompt of login
      res.setHeader("WWW-Authenticate", "WWW-Authenticate: basic realm=\"/TestRealm\"") ;
      res.setStatus(401, "401 Unauthorized") ;

    out.println("Not logged in.") ;

  } // end doGet

} // end class LogOff

When you call this servlet w/ a URL of http://www.company.com/LogOff, it will send the right HTTP headers back to the browser to trick the browser into thinking that the user did not authenticate with this Realm. This technique will tell your browser it is no longer authenticated, but only if you are using Basic Authentication. R5 has Session Authentication which can be used to autologoff a user after a period of inactivity.

This servlet can also be written as a LotusScript agent which is run from a web page:
Print "Status: 401"
Print |WWW-Authenticate: Basic realm="/

Print "Logged out."

In R5, you can turn on session authentication and then use this URL: http://www.company.com/db.nsf?Logoff

Applies to Notes Versions: 4.5, 4.6, 5
Last Modified: January 23, 2001