Re: [dl-ticket-service] Logout requires login

2015-03-25 Thread Yuri D'Elia
On 03/25/2015 02:56 PM, Carsten Czerner wrote:
>> If I understand correctly we could just show another regular page (with
>> some logout text), and *then* perform the logout (maybe just with a
>> meta-refresh on the correct url).
>>
>> This should work, but you will still get the prompt afterwards.
>> Well.. I guess it's a step forward?
> 
> Yes,
>
> that would help me and the normal user. I hope they will ignore the 
> login prompt if the underlying page told them to close the tab!

Noted (https://github.com/wavexx/dl/issues/27)





Re: [dl-ticket-service] Logout requires login

2015-03-25 Thread Carsten Czerner


On 25.03.2015 at 14:41, Yuri D'Elia wrote:
> On 03/25/2015 01:41 PM, Carsten Czerner wrote:
>> Hi,
>>
>> thanks for your reply, I understand the problem.
>>
>> But, couldn't we use an Ajax request to update and display the "Logout
>> success" and call the admin.php afterwards?
>>
>> This will inform the user to close the tab or to reload it by pressing
>> Ctrl + R?
>
> If I understand correctly we could just show another regular page (with
> some logout text), and *then* perform the logout (maybe just with a
> meta-refresh on the correct url).
>
> This should work, but you will still get the prompt afterwards.
> Well.. I guess it's a step forward?

Yes,

that would help me and the normal user. I hope they will ignore the
login prompt if the underlying page told them to close the tab!

Thanks
Carsten






Re: [dl-ticket-service] Logout requires login

2015-03-25 Thread Yuri D'Elia
On 03/25/2015 01:41 PM, Carsten Czerner wrote:
> Hi,
> 
> thanks for your reply, I understand the problem.
> 
> But, couldn't we use an Ajax request to update and display the "Logout 
> success" and call the admin.php afterwards?
>
> This will inform the user to close the tab or to reload it by pressing 
> Ctrl + R?

If I understand correctly we could just show another regular page (with
some logout text), and *then* perform the logout (maybe just with a
meta-refresh on the correct url).

This should work, but you will still get the prompt afterwards.
Well.. I guess it's a step forward?





Re: [dl-ticket-service] Logout requires login

2015-03-25 Thread Carsten Czerner

Hi,

thanks for your reply, I understand the problem.

But, couldn't we use an Ajax request to update and display the "Logout 
success" and call the admin.php afterwards?

This will inform the user to close the tab or to reload it by pressing 
Ctrl + R?


Regards
Carsten

On 24.03.2015 at 12:57, Yuri D'Elia wrote:
> On 03/24/2015 11:24 AM, Carsten Czerner wrote:
>> Hi,
>>
>> I have a strange behavior with the "Logout" function. When I try to
>> logout, the server asks me to re login, that always fails. When I
>> cancel the "Authentication Dialog" the correct message was displayed
>> "Please close the window ...". The other functions like "New Ticket" or
>> "Active grants" work correctly!
>>
>> Why is there an authentication dialog when I try to logout?
>
> It's a "known" issue. At least, I couldn't make it work better than
> this, so if anybody else has some experience, please read on.
>
> This happens when you have HTTP authentication active. In this
> situation, /admin.php is protected by the web server itself, which sends
> a WWW-Authenticate header. The browser caches the credentials for
> /admin.php and uses them for each request.
>
> To perform a *true* logout, I actually have to make the browser *fail*
> authentication at least once in order to make it forget the credentials.
> I cannot redirect it outside /admin.php, since this would prevent the
> credentials from being forgotten entirely.
>
> If I didn't do that, you could just browse again to admin and you would
> still be logged in as the previous user.
>
> This ends up in this weird "logout" limbo, where you *need*
> authentication, but I keep telling the browser it's wrong. As you saw,
> if you cancel, you can actually see the content of the page - which is
> *already* sent to the browser, but it's never displayed.
>
> I also have this issue, since I'm also using HTTP authentication
> everywhere. I could add an extra redirect *after* the authentication
> failed, but you would still see a prompt at least once. Confusing.
>
> Maybe there's a trick we could use to stop the prompt from appearing while
> still removing the credentials from *some* recent browsers?





--
Kind regards
Dipl. Inform. (FH) Carsten Czerner
Medien- und Informationszentrum (MIZ)
Leuphana Universität Lüneburg
Scharnhorststraße 1, C7.217
21335 Lüneburg
Phone 04131.677-1241
Fax 04131.677-1246






Re: [dl-ticket-service] Logout requires login

2015-03-24 Thread Yuri D'Elia
On 03/24/2015 11:24 AM, Carsten Czerner wrote:
> Hi,
> 
> I have a strange behavior with the "Logout" function. When I try to 
> logout, the server asks me to re login, that always fails. When I 
> cancel the "Authentication Dialog" the correct message was displayed 
> "Please close the window ...". The other functions like "New Ticket" or 
> "Active grants" work correctly!
> 
> Why is there an authentication dialog when I try to logout?

It's a "known" issue. At least, I couldn't make it work better than
this, so if anybody else has some experience, please read on.

This happens when you have HTTP authentication active. In this
situation, /admin.php is protected by the web server itself, which sends
a WWW-Authenticate header. The browser caches the credentials for
/admin.php and uses them for each request.

To perform a *true* logout, I actually have to make the browser *fail*
authentication at least once in order to make it forget the credentials.
I cannot redirect it outside /admin.php, since this would prevent the
credentials from being forgotten entirely.

If I didn't do that, you could just browse again to admin and you would
still be logged in as the previous user.

This ends up in this weird "logout" limbo, where you *need*
authentication, but I keep telling the browser it's wrong. As you saw,
if you cancel, you can actually see the content of the page - which is
*already* sent to the browser, but it's never displayed.

I also have this issue, since I'm also using HTTP authentication
everywhere. I could add an extra redirect *after* the authentication
failed, but you would still see a prompt at least once. Confusing.

Maybe there's a trick we could use to stop the prompt from appearing while
still removing the credentials from *some* recent browsers?
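
The behaviour discussed in this thread, as an added example that is not part of the original messages or of dl's own code: a Python model of the /admin.php responses, including the two-step logout proposed above (a regular page first, then a meta-refresh to the URL that answers 401). The `a=logout` action name, the sample account and the page texts are assumptions; `?u` and the realm string are taken from the captured request.

```python
import base64
import hmac

# Constructed sample account; in the thread the web server checks against AD/LDAPS.
USERS = {"carsten": "constructed-password"}
REALM = 'Basic realm="Restricted Area"'  # realm string from the captured response


def credentials_ok(authorization):
    """Validate an 'Authorization: Basic ...' header value against USERS."""
    if not authorization or not authorization.startswith("Basic "):
        return False
    try:
        decoded = base64.b64decode(authorization[6:], validate=True).decode("utf-8")
    except ValueError:  # malformed base64 or non-UTF-8 bytes
        return False
    user, sep, password = decoded.partition(":")
    expected = USERS.get(user)
    if not sep or expected is None:
        return False
    return hmac.compare_digest(password.encode(), expected.encode())


def handle(query, authorization=None):
    """Return (status, headers, body) for GET /admin.php?<query>."""
    challenge = {"WWW-Authenticate": REALM, "Cache-Control": "no-store"}
    if query == "u":
        # Step 2: reject even valid credentials so the browser drops its cache.
        return 401, challenge, "Please close the window to complete the logout."
    if not credentials_ok(authorization):
        return 401, challenge, "Authentication required."
    if query == "a=logout":
        # Step 1 (hypothetical action name): a regular page the user can read,
        # which then sends the browser on to the URL that answers 401.
        body = ('<meta http-equiv="refresh" content="3; url=admin.php?u">'
                "You are being logged out. Close this tab and ignore any login prompt.")
        return 200, {"Cache-Control": "no-store"}, body
    return 200, {"Cache-Control": "no-store"}, "admin page"


def basic(user, password):
    """Build the Authorization header value a browser would send."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()
```
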





[dl-ticket-service] Logout requires login

2015-03-24 Thread Carsten Czerner

Hi,

I have a strange behavior with the "Logout" function. When I try to 
logout, the server asks me to re login, that always fails. When I 
cancel the "Authentication Dialog" the correct message was displayed 
"Please close the window ...". The other functions like "New Ticket" or 
"Active grants" work correctly!


Why is there an authentication dialog when I try to logout?

The user will be authenticated against an AD via LDAPS, works fine for 
the first login.


I started the Apache with debug logging, but the debug logs are equal 
for the action "Logout" and "Preferences".



Apache Access LOG:

->Preferences
filelink.leuphana.de:80 193.174.32.73 - carsten [24/Mar/2015:09:58:35 +0100] "GET /admin.php?token=b170d0e9db7154a7e8e4daf30f09ec60&a=prefs HTTP/1.1" *200* 1445 "http://filelink.leuphana.de/admin.php?token=b170d0e9db7154a7e8e4daf30f09ec60&a=glist" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.101 Safari/537.36"

->Logout
filelink.leuphana.de:80 193.174.32.73 - carsten [24/Mar/2015:09:58:37 +0100] "GET /admin.php?u HTTP/1.1" *401* 1372 "http://filelink.leuphana.de/admin.php?token=b170d0e9db7154a7e8e4daf30f09ec60&a=prefs" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.101 Safari/537.36"



TCPDUMP:

GET /admin.php?u HTTP/1.1
Host: filelink.leuphana.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:36.0) Gecko/20100101 Firefox/36.0 Iceweasel/36.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://filelink.leuphana.de/admin.php
Cookie: _ga=GA1.2.560792455.1413527448; lang=EN; sid=5v94repq6iauvg1p216fqmfr21
Authorization: Basic SDFsdsdf3sdfsdfsdfsdf=
Connection: keep-alive

HTTP/1.0 401 Unauthorized
Date: Tue, 24 Mar 2015 08:41:59 GMT
Server: Apache/2.4.10 (Debian)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
WWW-Authenticate: Basic realm="Restricted Area"
Set-Cookie: sid=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
Content-Length: 968
Connection: close
Content-Type: text/html; charset=UTF-8



  

Abmelden...
MySHARE / FileLink
Abmelden...
Schließen sie das Browser-Fenster, um den Logout-Vorgang abzuschließen




  



Regards
Carsten


