logout for .htaccess / .htpassword

**Megg81** · 16 April 2012, 10:45 PM

I have a site using .htaccess & .htpassword

login, create ID etc sorted, but I need a logout.

I have the logout page created, but simply linking to it isn't doing the trick you can still re-enter bypassing the login page. Can someone point me in the right direction please for creating the correct code for a logout button? Thanks.

**Megg81** · 16 April 2012, 11:21 PM

Actually it seems my files arent working - it is still possible to enter the protected pages without having to log in first ie just from entering the url. Have closed all browser pages this makes no difference.

.htaccess and .htpassword files are within the same folder as the index page for the protected area (this resides within a folder which will contain pages accessable to all). They have been uploaded in ascII mode and had the permissions changed (RW W W). The .htaccess and .htpassword files are being written to on testing but are not password protecting the directory.

the password protected pages have been exported as index.htm (which is blank) and another page.php which has content.

Can someone recommend some troubleshooting?

**Drwyd** · 17 April 2012, 02:26 AM

Hi Megg81

I think closing the browser or clearing its history is the only way to log out.

Here's a couple of resources on .htaccess

http://www.javascriptkit.com/howto/htaccess.shtml

http://tools.dynamicdrive.com/password/

**Megg81** · 17 April 2012, 07:22 AM

Thanks drwyd I'll take a look through these files later on today. I don't think the logout is the problem though now becuase you dont actually need to login!, I've accessed the page on another device and you dont need to enter a password to view the protected page. Something is wrong somewhere, you're not redirected to the login page.

The protected page has no code on it (aside of the logout button which is proving unsuccessful). Should there be something inserted as a placeholder on the protected page prompting a redirect? or is the fact that it sits in the same file as htaccess and htpassword enough? I don't know where this redirect needs to be defined.

The account logins have been created in another programme, all the pages from this reside in the directory above, some pasted into WD as placeholders, others on their own page

Maybe Im laying out the directories wrongly. I have:
folder 1: containing all files for the password protect & cgi plus webpage for normal viewing which redirects to folder 2/index after successful login
folder 2: containing htaccess & htpassword plus web page for password protection
Is this wrong? should the htaccess & htpassword & page for password protection all be in folder 1?

folder 2/index doesn't redirect to folder 1/index when viewed without entering password first. Folder 1/index has the login box. Hope that makes sense

**steve.ledger** · 17 April 2012, 08:20 AM

How did you create your .htaccess file?

**Megg81** · 17 April 2012, 12:16 PM

I created it in notepad then saved as .htaccess & uploaded by ftp in ASCII mode

The programme Im using did create htaccess & htpassword but in the wrong location - it created them in the root directory.

**steve.ledger** · 17 April 2012, 01:00 PM

Does your hosting account use cpanel?
Because cpanel is the most fool proof way to setup .htacces for directories

**Megg81** · 17 April 2012, 01:26 PM

no i dont have cpanel.

its not a sinlge password though - the programme allows users to create their own logins. this all seems to be working fine. I think it has something to do either with the location of the htpassword & htaccess files or lack of instruction to redirect. is the fact that the secure page sits alongside the htaccess and htpassword files in the same folder right or wrong?

**Megg81** · 17 April 2012, 08:05 PM

Ive now reinstalled the software from scratch in a new folder and used cgi-bin. I had the problem that i couldnt log in at all, now after changing permissions i again dont need a password to log in.

What should the permissions be for htaccess, htpasswd and the file where htaccess resides?

- the logins are writing to .passwrd but depending on the permissions i assign to the file where the htaccess file resides depends on whether I either can't access pages within it at all, or can access everything without a password.

**ckh** · 18 April 2012, 04:14 PM

Normal permissions for files are 644. If the file is written to, then they would need to be 777 or if running suphp/suexec, 755. (if you receive a 500 internal error with permissions of 777, then try 755).