Modify

Opened 6 years ago

Closed 6 years ago

Last modified 6 years ago

#3317 closed defect (invalid)

When I click Logout I remain logged in

Reported by: Trev72 Owned by: coderanger
Priority: normal Component: PermRedirectPlugin
Severity: normal Keywords:
Cc: Trac Release: 0.11

Description

Tested with IE7 and Firefox 3.

With the plug-in enabled I always remain logged in on whatever page I was viewing when I click Logout.

The option for the browser to remember the password has been set.

Attachments (0)

Change History (5)

comment:1 Changed 6 years ago by coderanger

Are you using normal HTTP authentication or AccountManager?

comment:2 Changed 6 years ago by Trev72

Forgot to mention that without the plug-in enabled I get a permission error whenever I click Logout.

comment:3 Changed 6 years ago by Trev

Just a basic digest. Trac is actually running as a windows service that's exposed on a specifically assigned port.

comment:4 Changed 6 years ago by coderanger

  • Resolution set to invalid
  • Status changed from new to closed

This is the expected behavior then. All modern browsers cache HTTP auth credentials as long as the browser is open. When you click logout you are sent back to a page you don't have permissions for, so the plugin redirects you to /login. Then your browser takes the cached credentials and logs you back in. If you use AccountManagerPlugin, which allows form-based logins instead of HTTP auth, you can get real logout, and things will work as expected.

comment:5 Changed 6 years ago by anonymous

Thanks for taking the time to explain this. I'll install the AccountManagerPlugin.

Add Comment

Modify Ticket

Action
as closed .
as The resolution will be set. Next status will be 'closed'.
to The owner will be changed from coderanger. Next status will be 'closed'.
The resolution will be deleted. Next status will be 'reopened'.
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.