|
|
How do you add a logoff button for web users?
Using the username:password@www.company.com URL does not work because the browser thinks your realm is "username:password@www.company.com" instead of "www.company.com".
You can use a Java servlet to pass a 401 exception to the browser to log someone off of TestRealm (in most cases, this is "www.company.com" or "/"):
// From Terry Courtney import java.io.*; import javax.servlet.*; import javax.servlet.http.*;
public class LogOff extends HttpServlet {
public void init(ServletConfig config)
throws ServletException
{
super.init(config) ;
}
public void doGet (HttpServletRequest req, HttpServletResponse res)
throws ServletException, IOException
{
String auth ;
// get output streem
ServletOutputStream out = res.getOutputStream() ;
// get authorization from header (if it exists, user is logged in)
auth = req.getHeader("Authorization") ;
if (auth != null) {
// force prompt of login
res.setContentType("text/html");
res.setHeader("WWW-Authenticate", "WWW-Authenticate: basic realm=\"/TestRealm\"") ;
res.setStatus(401, "401 Unauthorized") ;
}
out.println("Not logged in.") ;
} // end doGet
} // end class LogOff
When you call this servlet w/ a URL of http://www.company.com/LogOff, it will send the right HTTP headers back to the browser to trick the browser into thinking that the user did not authenticate with this Realm. This technique will tell your browser it is no longer authenticated, but only if you are using Basic Authentication. R5 has Session Authentication which can be used to autologoff a user after a period of inactivity.
This servlet can also be written as a LotusScript agent which is run from a web page:
Print "Status: 401"
Print |WWW-Authenticate: Basic realm="/
TestRealm"|
Print "Logged out."
In R5, you can turn on session authentication and then use this URL: http://www.company.com/db.nsf?Logoff