The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

No Logout???

Discussion in 'General Discussion' started by felice, Sep 25, 2002.

  1. felice

    felice Member

    Joined:
    Sep 25, 2002
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    Um, why doesn't the logout in cpanel actually log you out?
     
  2. CGarson

    CGarson Well-Known Member

    Joined:
    Jul 29, 2002
    Messages:
    79
    Likes Received:
    0
    Trophy Points:
    6
    It, uhh, does. What problems are you having?
     
  3. felice

    felice Member

    Joined:
    Sep 25, 2002
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    After logging out, I can go straight back in to CPanel without having to supply a password. Logout takes me to a page that says that I've logged out, but doesn't actually affect ability to access functionality. This is something of a security issue...
     
  4. CGarson

    CGarson Well-Known Member

    Joined:
    Jul 29, 2002
    Messages:
    79
    Likes Received:
    0
    Trophy Points:
    6
    After you go back, press F5 ;)
     
  5. felice

    felice Member

    Joined:
    Sep 25, 2002
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    Yes, closing the browser works, but that has nothing to do with logging out. Other services have no trouble providing real logout - this forum being an obvious example, along with my old ISP's webmail, hotmail, etc.
     
  6. felice

    felice Member

    Joined:
    Sep 25, 2002
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    F5 doesn't have any obvious effect.
     
  7. CGarson

    CGarson Well-Known Member

    Joined:
    Jul 29, 2002
    Messages:
    79
    Likes Received:
    0
    Trophy Points:
    6
    Then it's your browser, not cPanel.
     
  8. Juanra

    Juanra Well-Known Member

    Joined:
    Sep 22, 2001
    Messages:
    777
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Spain
    [quote:8ff46ff91a][i:8ff46ff91a]Originally posted by felice[/i:8ff46ff91a]
    Yes, closing the browser works, but that has nothing to do with logging out. Other services have no trouble providing real logout - this forum being an obvious example, along with my old ISP's webmail, hotmail, etc.[/quote:8ff46ff91a]

    This forum authenticates via cookies, cpanel does via HTTP basic authentication. There's no reliable way that a logout can be provided for such system, since there's nothing in the protocol to delete auth info from a browser's cache. If you want to logout, close all instances of your browser. If that doesn't solve the problem, then your browser is not secure.
     
  9. felice

    felice Member

    Joined:
    Sep 25, 2002
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    Is there a reason that CPanel doesn't use cookies (or preferably server-side authentication)? There shouldn't be a log out option if logging out isn't possible.
     
  10. CGarson

    CGarson Well-Known Member

    Joined:
    Jul 29, 2002
    Messages:
    79
    Likes Received:
    0
    Trophy Points:
    6
    I can logout aswell as a lot of other people. cPanel DOES use cookies.
     
  11. Marty

    Marty Well-Known Member

    Joined:
    Oct 10, 2001
    Messages:
    630
    Likes Received:
    1
    Trophy Points:
    18
    Cpanel does not use cookies. I have cookies off and can log in fine. It is basic .htaccess http authentication.

    There is only one simple and fool proof method for logging out. Close your browser.

    This is true of the RaQ4i control panel also. Http authentication is probably the most secure form of authentication you can have. It is far more secure than cookies that could be stolen from you system.
     
  12. Juanra

    Juanra Well-Known Member

    Joined:
    Sep 22, 2001
    Messages:
    777
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Spain
    [quote:f876ddf9ae][i:f876ddf9ae]Originally posted by felice[/i:f876ddf9ae]
    Is there a reason that CPanel doesn't use cookies
    [/quote:f876ddf9ae]

    Actually cpanel sets a cookie (cprelogin='no') before logging in. I guess it can never change to 'yes' if you're rejecting cookies.

    [quote:f876ddf9ae](or preferably server-side authentication)?[/quote:f876ddf9ae]

    Authentication takes place on the server, which is obviously better than having to depend on the user supporting cookies. But since auth data must be sent on every page request, browsers usually cache that information so users don't have to type it all the time. But that happens inside the browser, it doesn't have anything to do with the HTTP protocol - CPanel cannot delete that info.

    [quote:f876ddf9ae]There shouldn't be a log out option if logging out isn't possible.[/quote:f876ddf9ae]
    I agree. I would say more: There shouldn't be a log out option because logging out isn't possible (unless you close your browser, or whatever you have to do with your browser to delete auth info).
     
  13. felice

    felice Member

    Joined:
    Sep 25, 2002
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    [quote:5e2d5f1713]Authentication takes place on the server, which is obviously better than having to depend on the user supporting cookies. But since auth data must be sent on every page request, browsers usually cache that information so users don't have to type it all the time. But that happens inside the browser, it doesn't have anything to do with the HTTP protocol - CPanel cannot delete that info.
    [/quote:5e2d5f1713]

    Cookies or HTTP Authentication aren't the only options. WebHub from href.com handles security nicely... a session id is passed in the url, and any cookie-type information is stored on the server. Logging out deletes the session, so old urls are no longer valid.
     
  14. rbmatt

    rbmatt Well-Known Member

    Joined:
    Oct 21, 2002
    Messages:
    212
    Likes Received:
    0
    Trophy Points:
    16
    &Both Netscape Navigator and Internet Explorer will clear the local browser window's authentication cache for the realm upon receiving a server response of 401. This can effectively 'log out' a user, forcing them to re-enter their username and password. Some people use this to 'time out' logins, or provide a 'log-out' button.&

    Can we use this?
     
  15. ronnieutd

    ronnieutd Registered

    Joined:
    Dec 23, 2002
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    You can also resolve this (as we did) but putting pragma-nocache headers in your cpanel theme (to keep the main index.html from being cached)....

    In the HEAD section:

    &META HTTP-EQUIV=&PRAGMA& CONTENT=&NO-CACHE&&

    then link to &/logout& as has been discussed. When client his back, page won't be cached and will get re-prompted for login (at least this is how it works on our end ;)
     
Loading...
Similar Threads - Logout
  1. kulturdesign
    Replies:
    3
    Views:
    520

Share This Page