On 03/24/2015 11:24 AM, Carsten Czerner wrote: > Hi, > > I have a strange behavior with the "Logout" function. When I try to > logout, the server asks me to re login, that alwayes failes. When I > cancel the "Authentication Dialog" the correct message was displayed > "Please close the window ...". The other functions like "New Ticket" or > "Active grants" work correctly! > > Why is there a authentification dialog when I try to logout?
It's a "known" issue. At least, I couldn't make it work better than this, so if anybody else has some experience, please read on. This happens when you have HTTP authentication active. In this situation, /admin.php is protected by the web server itself, which sends a WWW-Authenticate header. The browser caches the credentials for /admin.php and uses them for each request. To perform a *true* logout, I actually have to make the browser *fail* authentication at least once in order to make it forget the credentials. I cannot redirect it outside /admin.php, since this would prevent the credentials to be forgotten entirely. If I didn't do that, you could just browse again to admin and you would still be logged in as the previous user. This ends up in this weird "logout" limbo, where you *need* authentication, but I keep telling the browser it's wrong. As you saw, if you cancel, you can actually see the content of the page - which is *already* sent to the browser, but it's never displayed. I also have this issue, since I'm also using HTTP authentication everywhere. I could add an extra redirect *after* the authentication failed, but you would still see a prompt at least once. Confusing. Maybe there's a trick we could use to stop the prompt to appear will still removing the credentials from *some* recent browsers?
