Logout through XMLHTTPRequest Object is not working in Opera

I am using the basic authentication mechanism for my website in IIS. To logout the user I am using something similar to this JavaScript function:

  function logoutUser() {
  setTimeout('location.reload(true)', 1000);
  xmlhttp = GetXmlHtt开发者_Go百科pObject();
  if (xmlhttp==null) {
  return;
   }
  //alert(xmlhttp);
  var url = "index.php";

  xmlhttp.open("GET", url, true, "dummy_user", "dummy_password");

  xmlhttp.setRequestHeader( "If-Modified-Since", "Sat, 1 Jan 2000 00:00:00 GMT" );
  xmlhttp.setRequestHeader( 'Accept', 'message/x-formresult' );   
  xmlhttp.send(null);
  }
  function GetXmlHttpObject()
   {
  if (window.XMLHttpRequest)
   {
   // code for IE7+, Firefox, Chrome, Opera, Safari
   return new XMLHttpRequest();
   }
   if (window.ActiveXObject)
  {
   // code for IE6, IE5
   return new ActiveXObject("Microsoft.XMLHTTP");
    }
   return null;
    }

The idea is to force a request with some invalid credentials, in order to invalidate the real credentials cached by the browser.

It is working fine in IE,Firefox, Safari, Google Chrome but not in Opera.

Please help me in this regard.

That setting invalid credentials in an XMLHttpRequest should cause valid credentials to be discarded is not something you can rely on. It happens to work in many browsers but it's not at all standardised. Opera is not doing anything wrong by ignoring the credentials.

There is no standard way to cause HTTP Basic Authentication credentials to be dropped. There's one more way which works more widely, which is to have a link to /logout, a script that responds 401 when the user has valid credentials instead of when they do not. That will pop open an auth dialog, in which the user can fill in nonsense values or just empty strings; then when /logout is re-requested, it accepts those credentials, replacing the old ‘real’ ones.

Pairing this method and XMLHttpRequest is about the best you can do to provide logout capability for HTTP Authentication today.

Use any good JavaScript library. eg.jQuery... so you will have not any browser specific problem.

It will be better to do an ajax call to a page that destroys session data; a page like logout.asp that has a call to Session.Abandon() or session_destroy() in php language

logout.php:

<?php session_destroy();?>

logout.aspx or logout.asp:

//other functions can go here before ending the session

<% Session.Abandon() %>

then the javascript function :

function(){
   $.ajax({
      url:'logout.php',//or logout.aspx or logout.asp
      success:function(){location.reload();}, 
   });
}

you should load jquery.js on the page that is making this logout call