Log off

  Asked By: Roland    Date: Oct 22    Category: Sharepoint    Views: 4578

Is there a way of having a "Sign Out" button placed on a page so that
a user can immediately end their current session without closing the
browser? (i.e. after clicking the button they would be prompted for
their credentials again to access anything on that SPS site again)



23 Answers Found

Answer #1    Answered By: Alka Sarabhai     Answered On: Oct 22

I've recently asked the identical question, but haven't yet gotten any
replies at all.
Please let me know if you resolve this. I'm working on it even as we

Answer #2    Answered By: Eashan Nadkarni     Answered On: Oct 22

The answer is no - your authentication options are Windows Integrated (which
will automatically sign you in) or Basic which can only be terminated by closing
the browser window.

Answer #3    Answered By: William Odom     Answered On: Oct 22

Not built in that I know of, but you may be able to have a link that did a
Session.Abandon and then redirect to some other server.

Answer #4    Answered By: Mia Scott     Answered On: Oct 22

If I DID want to utilize Basic Authentication - and maybe even
found a way to close the session w/o closing the browser - I'd still
have to utilize SSL if I didn't want my UN/PW being passed as clear text
(normally the case with basic authentication), right?

Answer #5    Answered By: Kristian Chaney     Answered On: Oct 22

Correct on the SSL stuff. The thing with Basic auth is that it is cached in the
browser with no way to remove the creds other than restarting the browser or
having access denied to the user. The only workaround is to have the server
force authentication by temporarily denying access to the user.

Answer #6    Answered By: Alicia Scott     Answered On: Oct 22

What are your thoughts on (attempting) utilizing "Session.Abandon"
triggered by a link (button) to drop the current session w/o closing a
browser, and thereby permitting a user to re-login ... using Basic
Authentication/SSL?

I've never tried it, but it sounds intriguing, and perhaps worth the

Your thoughts?

Answer #7    Answered By: Mike Lamb     Answered On: Oct 22

Session.Abandon refers to ASP sessions which are separate from the client
authentication method. In this case that will have no effect, as this does not
clear the authentication creds from the browser and WSS/SPS doesn't use ASP

Answer #8    Answered By: Jose Scott     Answered On: Oct 22

Sharepoint doesn't use Session State so I don't think this will work.

What about a button with Javascript that will close the window?

Answer #9    Answered By: Taylor Clark     Answered On: Oct 22

I don't want to close the window, what I want is so that I can log on
with a different user login id.

Answer #10    Answered By: Anthony Rutledge     Answered On: Oct 22

If what you want is to log in as another user, there is a workaround for that -
you just can't log out. Sounds confusing, but the browser will never delete your
credentials, but you can force it to prompt you again if you are using Basic.

What you need to do is create a button that links to a simple server
script/control/whatever running in the same site context (so it requires
authentication). This needs to take the current page URL as a parameter (GET
querystring or POST), set a cookie, and return a 401 response. The browser will
take the 401 as you not having access any longer and force a login prompt and
resend back to the script/control/whatever. On this second submit you clear the
cookie and redirect back to the original page URL.
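
The 401 round trip described in Answer #10, as an added example that is not part of the original thread. The cookie name, the realm and the `return` query parameter are assumptions, and the sketch goes one step beyond the post by validating the return URL so the endpoint cannot be used as an open redirect.

```python
from http.cookies import SimpleCookie
from urllib.parse import parse_qs

COOKIE = "relogin_pending"  # hypothetical marker cookie name
REALM = "intranet"          # hypothetical Basic auth realm
REASONS = {401: "401 Unauthorized", 302: "302 Found"}

def safe_return_path(url, default="/"):
    """Allow only same-site absolute paths, so this is not an open redirect."""
    if not url.startswith("/") or url.startswith("//"):
        return default  # rejects absolute and scheme-relative URLs
    if "\\" in url or any(ord(c) < 0x20 for c in url):
        return default  # rejects "/\host" forms and CR/LF header injection
    return url

def relogin(cookies, return_url):
    """Decide the response for one request: returns (status, headers)."""
    if COOKIE not in cookies:
        # First request: the cached credentials were sent. Set the marker and
        # answer 401 so the browser prompts for credentials again.
        return 401, [
            ("WWW-Authenticate", 'Basic realm="%s"' % REALM),
            # Secure assumes the site runs over SSL, as Basic auth should.
            ("Set-Cookie", "%s=1; Path=/; Secure; HttpOnly" % COOKIE),
            ("Cache-Control", "no-store"),
        ]
    # Second request: the browser re-submitted after the prompt. Clear the
    # marker and send the user back to the page they came from.
    return 302, [
        ("Location", safe_return_path(return_url)),
        ("Set-Cookie", "%s=; Path=/; Max-Age=0; Secure; HttpOnly" % COOKIE),
    ]

def app(environ, start_response):
    """WSGI wrapper; assumes the front end already enforces Basic auth."""
    cookies = SimpleCookie(environ.get("HTTP_COOKIE", ""))
    query = parse_qs(environ.get("QUERY_STRING", ""))
    status, headers = relogin(cookies, query.get("return", [""])[0])
    start_response(REASONS[status], headers + [("Content-Length", "0")])
    return [b""]
```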

Answer #11    Answered By: Heena Nagori     Answered On: Oct 22

> If what you want is to log in as another user, there is a workaround
> for that - you just can't log out. Sounds confusing, but the browser
> will never delete your credentials, but you can force it to prompt you
> again if you are using Basic.

Sorry to disappoint you but that's not correct ;-) With Basic/Clear
text authentication you can force the browser to clear the auth cache.

For Mozilla browsers an add-in exists to clear out the HTTP
credentials cache at http://texturizer.net/firefox/

For Internet Explorer 6 RTM and lower you can create an ActiveX
control (been there - done that, two years ago) to clear out the local
browser authentication cache.

For Internet Explorer 6 SP1 you can use a single line of JavaScript
wrapped in a Web Part to clear the authentication cache. You can get a
little WSS/SPS 2003 Web part from


Answer #12    Answered By: Aishwarya Karmarkar     Answered On: Oct 22

I also was looking for answers to this Logoff question as well...I
just downloaded the webpart and used it...does this change the
authentication type at all?

Answer #13    Answered By: Janell Camacho     Answered On: Oct 22

The Web Part cannot change the authentication type. The auth type must
be Basic/Clear because that's the only auth type which supports
clearing the auth cache. With Windows Integrated you can't do that.

Answer #14    Answered By: Julia Washington     Answered On: Oct 22

Well I do believe it is possible to programmatically clear the
credentials on the client side if you are using IE6? Outlook Web Access
does this...however you'll never get all users to remember to click the

Answer #15    Answered By: Shashwat Takle     Answered On: Oct 22

For IE 6 SP1 an undocumented extension to IE DOM
has been made to clear the auth cache. For anything below you can
still develop an ActiveX to accomplish the same (MSDN & the MSKB has
almost the complete code and it took me less than 2 hours to gobble it
together two years ago for an OWA 2000 custom logoff page).

That's the reason why Microsoft introduced the cookie-based
authentication in OWA 2003 (FBA = Forms Based Auth) which incorporates
the feature to let the session time out automatically.

Answer #16    Answered By: Aastha Acharya     Answered On: Oct 22

This kind of discussion is just what I (still a Sharepoint newbie) had
hoped for.

If OWA 2003 uses cookie-based authentication to provide a 'timer' that
could automatically time-out the session, then would it be possible to
find a way to re-write/update the cookie, in such a way that (say)
clicking a "logout" button sets the expiration time on the cookie to
(say) 1 second? The effect would be a pause perceived to be the server
processing, when in fact it's doing nothing - for just 1-second. After
that the cookie expires, the session auto-times-out, and the user is
presented with a log-in page.

It would "look" like the user clicked a button that logged him/her out,
but the mechanism underneath is simply using what's available - setting
the cookie to expire nearly instantly, and letting Microsoft's own code
time-out the session.

Any thoughts?...

Answer #17    Answered By: Glenda Roth     Answered On: Oct 22

Well, AFAIK what the current OWA 2003 implementation does is delete
the cookie, hence the FBA auth will revert back and you will get the
OWA logoff page.

Answer #18    Answered By: Jada Clemons     Answered On: Oct 22

Thank you, I have downloaded the logout webpart.

Answer #19    Answered By: Brooke Lewis     Answered On: Oct 22

I think it can be done:


Answer #20    Answered By: Talia Johns     Answered On: Oct 22

Yes, session support can be turned on in WSS (though it's not recommended).
Even if you do, WSS will not use it for authentication however, so
Session.Abandon still won't do what the original poster is looking for...

Answer #21    Answered By: Tera Callahan     Answered On: Oct 22

Thanks for the info. I seem to be reading mixed viewpoints on this, but will be
investigating all of them, and determining what's do-able & what's not.

Answer #22    Answered By: Mark Davis     Answered On: Oct 22

How are you doing? I note you are very active in
SharePoint these days which is a good thing!

Don't know if you were at TechEd but my visit was a very quick one this
year so I didn't get a chance to mingle much!

Our SharePoint 2003 book should be out around August (I'm afraid we are
way behind schedule

Answer #23    Answered By: Delilah Mcpherson     Answered On: Oct 22

The contents of the cookie in OWA FBA are encrypted using a symmetric
key that is constantly changing on the server. So you wouldn't be able
to change its contents client side but, if you invalidate the cookie in
any way then the server side process won't be able to decrypt it and
thus you will be taken to the forms logon page.
