Logout when using HTTP basic auth
|Reported by:||Owned by:||John Hampton|
|Severity:||normal||Keywords:||logout BasicAuth cookie|
|Cc:||John Hampton, Ryan J Ollos||Trac Release:||0.11|
It would be great if you could still use the normal basic auth login browser based login style (not form), yet still be able to logout. It would require trac to test for the user/pass rather than apache. A cookie would be issued and from then on that cookie and that user would have to match (keeping that in session info). If the user logs out, then that cookie would be deleted and a redirect occur. No cookie would indicate an auth error such that the browser would ask for credentials again. Even if the user just hit return to relogin, that would be ok (they would be given a new cookie).