Re: [dl-ticket-service] Logout requires login
On 03/25/2015 01:41 PM, Carsten Czerner wrote: Hi, thanks for your replay, I understand the problem. But, coundn't we use a Ajax request to update and display the Logout success and call the the admin.php afterwards? This will inform the user to close the tab or to reload ist pressing STRG + R? If I understand correctly we could just show another regular page (with some logout text), and *then* perform the logout (maybe just with a meta-refresh on the correct url). This should work, but you will still get the prompt afterwards. Well.. I guess it's a step forward?
Re: [dl-ticket-service] Logout requires login
Hi, thanks for your replay, I understand the problem. But, coundn't we use a Ajax request to update and display the Logout success and call the the admin.php afterwards? This will inform the user to close the tab or to reload ist pressing STRG + R? Regards Carsten Am 24.03.2015 um 12:57 schrieb Yuri D'Elia: On 03/24/2015 11:24 AM, Carsten Czerner wrote: Hi, I have a strange behavior with the Logout function. When I try to logout, the server asks me to re login, that alwayes failes. When I cancel the Authentication Dialog the correct message was displayed Please close the window The other functions like New Ticket or Active grants work correctly! Why is there a authentification dialog when I try to logout? It's a known issue. At least, I couldn't make it work better than this, so if anybody else has some experience, please read on. This happens when you have HTTP authentication active. In this situation, /admin.php is protected by the web server itself, which sends a WWW-Authenticate header. The browser caches the credentials for /admin.php and uses them for each request. To perform a *true* logout, I actually have to make the browser *fail* authentication at least once in order to make it forget the credentials. I cannot redirect it outside /admin.php, since this would prevent the credentials to be forgotten entirely. If I didn't do that, you could just browse again to admin and you would still be logged in as the previous user. This ends up in this weird logout limbo, where you *need* authentication, but I keep telling the browser it's wrong. As you saw, if you cancel, you can actually see the content of the page - which is *already* sent to the browser, but it's never displayed. I also have this issue, since I'm also using HTTP authentication everywhere. I could add an extra redirect *after* the authentication failed, but you would still see a prompt at least once. Confusing. Maybe there's a trick we could use to stop the prompt to appear will still removing the credentials from *some* recent browsers? -- Mit freundlichen Grüßen Dipl. Inform. (FH) Carsten Czerner Medien- und Informationszentrum (MIZ) Leuphana Universität Lüneburg Scharnhorststraße 1, C7.217 21335 Lüneburg Fon 04131.677-1241 Fax 04131.677-1246 smime.p7s Description: S/MIME Cryptographic Signature
Re: [dl-ticket-service] Logout requires login
Am 25.03.2015 um 14:41 schrieb Yuri D'Elia: On 03/25/2015 01:41 PM, Carsten Czerner wrote: Hi, thanks for your replay, I understand the problem. But, coundn't we use a Ajax request to update and display the Logout success and call the the admin.php afterwards? This will inform the user to close the tab or to reload ist pressing STRG + R? If I understand correctly we could just show another regular page (with some logout text), and *then* perform the logout (maybe just with a meta-refresh on the correct url). This should work, but you will still get the prompt afterwards. Well.. I guess it's a step forward? Yes, that would help me and the normal user. I hope they will ignore the login promt if the underlaying page told them to close the tab! Thanks Carsten smime.p7s Description: S/MIME Cryptographic Signature
Re: [dl-ticket-service] Logout requires login
On 03/24/2015 11:24 AM, Carsten Czerner wrote: Hi, I have a strange behavior with the Logout function. When I try to logout, the server asks me to re login, that alwayes failes. When I cancel the Authentication Dialog the correct message was displayed Please close the window The other functions like New Ticket or Active grants work correctly! Why is there a authentification dialog when I try to logout? It's a known issue. At least, I couldn't make it work better than this, so if anybody else has some experience, please read on. This happens when you have HTTP authentication active. In this situation, /admin.php is protected by the web server itself, which sends a WWW-Authenticate header. The browser caches the credentials for /admin.php and uses them for each request. To perform a *true* logout, I actually have to make the browser *fail* authentication at least once in order to make it forget the credentials. I cannot redirect it outside /admin.php, since this would prevent the credentials to be forgotten entirely. If I didn't do that, you could just browse again to admin and you would still be logged in as the previous user. This ends up in this weird logout limbo, where you *need* authentication, but I keep telling the browser it's wrong. As you saw, if you cancel, you can actually see the content of the page - which is *already* sent to the browser, but it's never displayed. I also have this issue, since I'm also using HTTP authentication everywhere. I could add an extra redirect *after* the authentication failed, but you would still see a prompt at least once. Confusing. Maybe there's a trick we could use to stop the prompt to appear will still removing the credentials from *some* recent browsers?
