[[PageOutline(2-5,Contents,pullout)]]

= True logout mechanism for Basic/Digest Authentication

== Description

This patch allows you to logout from Basic/Digest Auth without closing the browser.

 * Apache [http://httpd.apache.org/docs/1.3/howto/auth.html#basicfaq claims that it is not possible].
 * Nano Documet [http://www.nanodocumet.com/?p=6 gives a solution] that simply works.

The concept is explained on [http://www.berenddeboer.net/rest/authentication.html Berend de Boer page].

This patch works for `tracd` standalone. There's no need of Apache or any other server.
This patch should work on all platform, although I've only tested version 0.9.6 on Windows XP.

Notes:
 * Tested successfully with Firefox and Internet Explorer 6.
 * It works fine with Camino.
 * It may not work with Safari and Konqueror.

== Usage

 * file `Share\trac\htdocs\js\trac.js`, append at the end of file:
    {{{
function clearAuthenticationCache(page) {
  // Default to a non-existing page (give error 500).
  // An empty page is better, here.
  if (!page) page = '.force_logout';
  try{
    var agt=navigator.userAgent.toLowerCase();
    if (agt.indexOf("msie") != -1) {
      // IE clear HTTP Authentication
      document.execCommand("ClearAuthenticationCache");
    }
    else {
      // Let's create an xmlhttp object
      var xmlhttp = createXMLObject();
      // Let's prepare invalid credentials
      xmlhttp.open("GET", page, true, "logout", "logout");
      // Let's send the request to the server
      xmlhttp.send("");
      // Let's abort the request
      xmlhttp.abort();
    }
  } catch(e) {
    // There was an error
    return;
  }
}
    
function createXMLObject() {
  try {
    if (window.XMLHttpRequest) {
      xmlhttp = new XMLHttpRequest();
    }
    // code for IE
    else if (window.ActiveXObject) {
      xmlhttp=new ActiveXObject("Microsoft.XMLHTTP");
    }
  } catch (e) {
    xmlhttp=false
  }
  return xmlhttp;
}
    }}}

 * file `Lib\site-packages\trac\web\auth.py`, locate method `get_navigation_items`, and change:
    {{{
yield ('metanav', 'logout',
       Markup('<a href="%s">Logout</a>' 
              % escape(self.env.href.logout())))
    }}}
   to:
    {{{
yield ('metanav', 'logout',
       Markup('<a href="%s" onclick="clearAuthenticationCache(\'%s\');">Logout</a>' 
              % ((escape(self.env.href.logout()),) *2) ))
    }}}

  * Now that's ok to start `tracd` and test logout feature.

(Patches for other versions below)

== Recent Changes

[[ChangeLog(truehttplogoutpatch, 3)]]

== Author/Contributors

'''Author:''' [wiki:flox] [[BR]]
'''Maintainer:''' [[Maintainer]] [[BR]]
'''Contributors:'''