This is a HistoricalDocument
topic. It used to be distributed in an earlier TWiki release, but is no longer part of the official TWiki distribution. Post questions, error notes, and suggestions concerning the documentation
of this topic in the comments section below
! Use the Support
web for problems you are having using
How do you log off? Suppose I log in with the guest username but later I want to use another username, how do I log off from the guest user name?
To log off from a TWiki site, you must exit your browser and reconnect to the site. When asked, enter the new username and password.
Why is this?
Many TWiki sites use HTTP Basic Authentication, which pops up a window asking for username and password. Once entered, the browser remembers them, and supplies them as part of subsequent references to the site.
HTTP is a stateless protocol. The web server remembers nothing about a user between individual access -- and it can take several accesses to load a single page. The web browser must remember the state of each transaction. You are never really "logged into" a web site -- you have given the browser the codes to unlock each request. Only if the browser does not have credentials to present to a site will it ask for them.
Most browsers do not give the user a way to "forget" the username and password. To log in as a different user, you must exit the browser (perhaps all instances of the browser), and reconnect to the TWiki site.
If you have the Mozilla
browser installed, the Web Developers toolbar
extension has a function which allows HTTP Authentication details to be reset, without the need to close your browser.
To use this function, download the extension for Firefox or Mozilla and restart your browser (if necessary). On the Web Developers toolbar, click Miscellaneous
, then Clear HTTP Authentication
. Now if the page is reloaded, you will need to "login" again.
Back to: TWikiFAQ
-- Contributors: TWiki:Main.CarlMikkelsen
Comments & Questions about this Historical Document Topic
A few hints (things I discovered that I was not expecting and that didn;t seem to be in the Installation docs)
- you MUST edit the bin/.htaccess file appropriately; it must point at the correct path to the .htpasswd file in the data dir
- you MUST rename bin/.htaccess.txt to bin/.htaccess for Apache to use it
Even after you do these things, access is only controlled for certain types of activities (e.g. edit not view) and in certan areas
(e.g. if you have set the ALLOWTOPICCHANGE setting to restrict who can make changes.
Unless you have done everything necessary to support access control AND you request a particular kind of access that IS controlled, you will never see the "login" dialog at all, no matter how often you quit your browser session!
- 03 Jun 2003
This is to be expected. TWiki is designed as a collaboration tool that above all is usable by the general public as a simple website. If TWiki required login by default just to see
a webpage, it would defeat TWiki's very purpose.
- 06 Dec 2003
It would help matters greatly, however, if there were
topics by default. The
topic by default could just have the Site Map, with a comment that if you didn't have to login to get their, then User Authentication is not setup correctly. The
topic would mention the deficiency that the authentication is browser based.
IMHO, Twiki really should manage authentication itself. Even in a public collaboration, you want people's identifications to be valid, and access restrictions are mandatory in a lot of real world collaborations.
- 15 Jan 2004
I think most up-to-date browsers support authentication in the url. So the simplest way to logout is to insert "username@" in front of the url (e.g. http://firstname.lastname@example.org/cgi-bin/edit/TWiki/HowToLogOff
You will get a new login window to enter username and password again. To logout simple cancel the new login. You don't need to close all browser instances.
- 15 Sep 2004
Markus, URL-authentication isn't a good choice for the masses, not least because the most common browser in the world (IE) does no longer allow
URLs because of a security hole.
- 16 Sep 2004
If you are using FireFox
then you could install the Web Developers Plugin
. It has an option to "Clear HTTP Authentication". It works for me.
- 22 Oct 2004
I felt the Web Developers toolbar mentioned prevously by TorbenGB
desserved a mention in the actual FAQ.
- 08 Nov 2004
True. Its a great tool. However, its hardly good for end users. Like do end users want to know about CSS, etc? There is a lot of dangerous stuff there for the unaware. IMO we need to pursue ditching HTTP authentication - discussion on SessionPluginDev
- 09 Nov 2004
Any application where the FAQ even needs an entry 'HowToLogOff' is quite badly broken if you ask me. TWiki should implement it's own authentication scheme. Most sites do. It's a shame, because TWiki is very cool in many other respects.
- 22 Nov 2004
What does the Web Developers Toolbar in Firefox do? Could that somehow be incorporated in a "logoff" button on the menu? Could TWiki pass a crytographically signed token as a cookie follwing a "logon" and have "logoff" remove the cookie?
- 24 Nov 2004
No. It clears the HTTP Basic authentication - this is different from cookies, its the mechanism that sets REMOTE_USER. Very few sites user Basic Authentication: in my view we should isolate to a plugin so we can relegate it to those places that actually
need (WN) the low cookie-free TWikiSystemRequirements
- 24 Nov 2004
Just a note for all those who use Firefox/Mozilla and don't want to install the Webdeveloper Plugins. There's a new very simple extension, that only clears the http authentication cache. Can be downloaded
- 11 Jan 2005
I've quit out of Safari several times to no avail. I'm never presented with a authentication box. It seems to know who I am, since the correct signature shows up in the edit pages, but USERNAME, WIKIUSERNAME, and WIKINAME all show up as guest in the TWikiVariables
form. What am I doing wrong?
- 09 Feb 2005
Meredith that is a strange combination you describe. You should ask about this in Support.WebHome
or maybe even a Codev.BugReport
- 09 Feb 2005
Not going to figure out where this fits in the big picture, but I thought I'd at least add something helpful: see ViewRegPatch
for a quick patch that allows users to register with twiki without logging in as twiki guest.
- 08 Mar 2005