On 03/24/2015 11:24 AM, Carsten Czerner wrote:
> Hi,
> 
> I have a strange behavior with the "Logout" function. When I try to 
> logout, the server asks me to re login, that alwayes failes. When I 
> cancel the "Authentication Dialog" the correct message was displayed 
> "Please close the window ...". The other functions like "New Ticket" or 
> "Active grants" work correctly!
> 
> Why is there a authentification dialog when I try to logout?

It's a "known" issue. At least, I couldn't make it work better than
this, so if anybody else has some experience, please read on.

This happens when you have HTTP authentication active. In this
situation, /admin.php is protected by the web server itself, which sends
a WWW-Authenticate header. The browser caches the credentials for
/admin.php and uses them for each request.

To perform a *true* logout, I actually have to make the browser *fail*
authentication at least once in order to make it forget the credentials.
I cannot redirect it outside /admin.php, since this would prevent the
credentials to be forgotten entirely.

If I didn't do that, you could just browse again to admin and you would
still be logged in as the previous user.

This ends up in this weird "logout" limbo, where you *need*
authentication, but I keep telling the browser it's wrong. As you saw,
if you cancel, you can actually see the content of the page - which is
*already* sent to the browser, but it's never displayed.

I also have this issue, since I'm also using HTTP authentication
everywhere. I could add an extra redirect *after* the authentication
failed, but you would still see a prompt at least once. Confusing.

Maybe there's a trick we could use to stop the prompt to appear will
still removing the credentials from *some* recent browsers?



Reply via email to