#3317 closed defect (invalid)
When I click Logout I remain logged in
| Reported by: | Trevor Doorley | Owned by: | Noah Kantrowitz |
|---|---|---|---|
| Priority: | normal | Component: | PermRedirectPlugin |
| Severity: | normal | Keywords: | |
| Cc: | Trac Release: | 0.11 |
Description
Tested with IE7 and Firefox 3.
With the plug-in enabled I always remain logged in on whatever page I was viewing when I click Logout.
The option for the browser to remember the password has been set.
Attachments (0)
Change History (5)
comment:1 Changed 16 years ago by
comment:2 Changed 16 years ago by
Forgot to mention that without the plug-in enabled I get a permission error whenever I click Logout.
comment:3 Changed 16 years ago by
Just a basic digest. Trac is actually running as a windows service that's exposed on a specifically assigned port.
comment:4 Changed 16 years ago by
| Resolution: | → invalid |
|---|---|
| Status: | new → closed |
This is the expected behavior then. All modern browsers cache HTTP auth credentials as long as the browser is open. When you click logout you are sent back to a page you don't have permissions for, so the plugin redirects you to /login. Then your browser takes the cached credentials and logs you back in. If you use AccountManagerPlugin, which allows form-based logins instead of HTTP auth, you can get real logout, and things will work as expected.
comment:5 Changed 16 years ago by
Thanks for taking the time to explain this. I'll install the AccountManagerPlugin.
Are you using normal HTTP authentication or AccountManager?