1

I know from questions like this one that there's no "official" way to log out of an HTTP auth "session". I've also read about the 401 header trick, but that does't seem to be too widely supported.

Now my home router, on the other hand, uses HTTP Auth, and it works perfectly! I type in my routers IP, and no web page is rendered. Instead I get an HTTP auth login box (I also have an industrial firewall at work that works this same way). How do devices like this handle HTTP auth "sessions"?

Or am I being tricked into thinking it's HTTP auth, because there's no webpage rendered, just a login box identical to one that HTTP auth uses?

Community
  • 1
  • 1
Native Coder
  • 1,792
  • 3
  • 16
  • 34

1 Answers1

0

The credentials for HTTP Auth/Digest are only stored until the browser is closed. If you were to login to your router, close the TAB, then go back to your router, you will see that you are in fact, still logged in.

Now if you were to log into your router, close the BROWSER, re-open the browser, and navigate back to the router IP. You will be greeted by the HTTP auth login box again.

Native Coder
  • 1,792
  • 3
  • 16
  • 34