C
Christopher Nelson
I have an application secured with HTTP Authentication (RFC 2617).
The protocol doesn't provide for "logout" but I'd like to provide the
user a way to close a session.
If there was a way I could use JavaScript to tell the browser "forget
the cached info for this user of this system" (the nonce, the opaque,
the password, something), then the next GET would not include an
Authorization header and I'd have accomplished logout without needing
protocol or server support.
But I don't know what to set or what clear or what function to call,
if there even is one. Is there a way to programatically tell a
browser, "Flush your cached security information"?
The protocol doesn't provide for "logout" but I'd like to provide the
user a way to close a session.
If there was a way I could use JavaScript to tell the browser "forget
the cached info for this user of this system" (the nonce, the opaque,
the password, something), then the next GET would not include an
Authorization header and I'd have accomplished logout without needing
protocol or server support.
But I don't know what to set or what clear or what function to call,
if there even is one. Is there a way to programatically tell a
browser, "Flush your cached security information"?