On Fri, Jan 23, 2009 at 12:07:26PM -0800, Noah Kantrowitz wrote: > > Incorrect, HTTP auth credentials are kept by the browser for the duration of > the session. This a "feature" of all modern browsers and cannot (as far as I > know) be disabled. >
Just FYI, the only system I've seen manage to get the browser to drop the stored BasicAuth credentials is Zope's management interface. There, the logout button takes you to a page (manage_zmi_logout, ISTR) that returns a "401 Unauthorized" regardless of the credentials presented. This causes the browser to drop the cached credentials, but (unfortunately) also prompt for new credentials. It's fine for a web-framework management interface, whose users are by definition very web savvy and technical, but would probably not fly for something even as technical as they typical trac site. Go with some sort of forms auth. Ross -- Ross Reedstrom, Ph.D. reeds...@rice.edu Systems Engineer & Admin, Research Scientist phone: 713-348-6166 The Connexions Project http://cnx.org fax: 713-348-3665 Rice University MS-375, Houston, TX 77005 GPG Key fingerprint = F023 82C8 9B0E 2CC6 0D8E F888 D3AE 810E 88F0 BEDE --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Trac Users" group. To post to this group, send email to trac-users@googlegroups.com To unsubscribe from this group, send email to trac-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/trac-users?hl=en -~----------~----~----~----~------~----~------~--~---