News: This forum is now permanently frozen.
linktree m0n0wall Forum  >  m0n0wall Support (English)  >  Feature Requests
linktree Topic: logout button
Pages: [1]
Topic: logout button  (Read 1402 times)
« on: January 07, 2013, 10:27:26 »
bigbrother *
Posts: 12
Hi

Why isnĀ“t there any logout button in the WebUI?
I think it would be good if there is a logout button to kill the session.
Otherwise I have to close all the opened taps including the browser window.

Is there no way to include such thing? Is this not a security issue?

kr
bb
« Last Edit: January 07, 2013, 10:29:13 by bigbrother »
« Reply #1 on: January 07, 2013, 14:19:00 »
Lennart Grahl ***
Posts: 153
I don't understand why you've opened another thread about this topic.

Anyway, I'm quoting my reply for your first question:
Quote from: Lennart Grahl on December 20, 2012, 11:33:32
m0n0wall is using HTTP authentication and therefore a "logout" is not possible.

There is no session:
Quote
Existing browsers retain authentication information until the tab or browser is closed or the user clears the history. HTTP does not provide a method for a server to direct clients to discard these cached credentials. This means that there is no effective way for a server to "log out" the user without changing the realm periodically, directing the user to close the browser, or using sessions in the URL.

And I don't think you have to worry about it. Recently, Manuel removed all modifying GETs and introduced CSRF magic tokens to the webgui.
« Reply #2 on: January 08, 2013, 09:45:22 »
bigbrother *
Posts: 12
yep, sorry for the double entry   Embarrassed

Thank you for your detailed explanation.

best regards
bb
 
Pages: [1]
 
 
Powered by SMF 1.1.20 | SMF © 2013, Simple Machines