Version 2 (modified by flox, 10 years ago) (diff)


True logout mechanism for Basic/Digest Authentication


This patch allows to logout from Basic/Digest Auth without closing the browser.

On one hand Apache claims that it is not possible.
On other hand, Nano Documet give a solution that works with most recent browsers.

This patch works for tracd standalone. There's no need of Apache or any other server.

I am lazy tonight, so i give you only the file changes.
This patch should work on all platform, although I've tested Windows only.


  • first remove buggy AuthFormPlugin ;-)
  • file Share\trac\htdocs\js\trac.js, append at the end of file:
    function clearAuthenticationCache() {
        var agt=navigator.userAgent.toLowerCase();
        if (agt.indexOf("msie") != -1) {
          // IE clear HTTP Authentication
        else {
          // Let's create an xmlhttp object
          var xmlhttp = createXMLObject();
          // Let's get the force page to logout for mozilla
          // Let's send the request to the server
          // Let's abort the request
      // Let's redirect the user to the main webpage
      //  window.location = "/rest/";
      } catch(e) {
      // There was an error
      alert("there was an error");
    function createXMLObject() {
      try {
        if (window.XMLHttpRequest) {
          xmlhttp = new XMLHttpRequest();
        // code for IE
        else if (window.ActiveXObject) {
          xmlhttp=new ActiveXObject("Microsoft.XMLHTTP");
      } catch (e) {
      return xmlhttp;
  • file Lib\site-packages\trac\web\, locate method get_navigation_items, and change:
            yield ('metanav', 'logout',
                   Markup('<a href="%s">Logout</a>' 
                          % escape(self.env.href.logout())))
            yield ('metanav', 'logout',
                   Markup('<a href="%s" onclick="clearAuthenticationCache();return true;">Logout</a>' 
                          % escape(self.env.href.logout())))
  • Now that's ok to start tracd and test logout feature.

Recent Changes

1138 by flox on 2006-08-17 22:34:59
New hack TrueHttpLogoutPatch, created by flox


Author: flox

Attachments (2)

Download all attachments as: .zip