= True logout mechanism for Basic/Digest Authentication = == Description == This patch allows to logout from Basic/Digest Auth without closing the browser. On one hand Apache [http://httpd.apache.org/docs/1.3/howto/auth.html#basicfaq claims that it is not possible].[[BR]] On the other hand, Nano Documet [http://www.nanodocumet.com/?p=6 gives a solution] that simply works.[[BR]] The concept is explained on [http://www.berenddeboer.net/rest/authentication.html Berend de Boer page]. This patch works for `tracd` standalone. There's no need of Apache or any other server. I am lazy tonight, so i give you only the file changes.[[BR]] This patch should work on all platform, although I've only tested version 0.9.6 on Windows XP. Notes: * Tested successfully with ''Firefox'' and ''Internet Explorer 6'' * It works fine with Camino. * It may not work with Safari and Konqueror. == Usage == * file `Share\trac\htdocs\js\trac.js`, append at the end of file: {{{ function clearAuthenticationCache(page) { // Default to a non-existing page (give error 500). // An empty page is better, here. if (!page) page = '.force_logout'; try{ var agt=navigator.userAgent.toLowerCase(); if (agt.indexOf("msie") != -1) { // IE clear HTTP Authentication document.execCommand("ClearAuthenticationCache"); } else { // Let's create an xmlhttp object var xmlhttp = createXMLObject(); // Let's prepare invalid credentials xmlhttp.open("GET", page, true, "logout", "logout"); // Let's send the request to the server xmlhttp.send(""); // Let's abort the request xmlhttp.abort(); } } catch(e) { // There was an error return; } } function createXMLObject() { try { if (window.XMLHttpRequest) { xmlhttp = new XMLHttpRequest(); } // code for IE else if (window.ActiveXObject) { xmlhttp=new ActiveXObject("Microsoft.XMLHTTP"); } } catch (e) { xmlhttp=false } return xmlhttp; } }}} * file `Lib\site-packages\trac\web\auth.py`, locate method `get_navigation_items`, and change: {{{ yield ('metanav', 'logout', Markup('Logout' % escape(self.env.href.logout()))) }}} to: {{{ yield ('metanav', 'logout', Markup('Logout' % ((escape(self.env.href.logout()),) *2) )) }}} * Now that's ok to start `tracd` and test logout feature. (Patches for other versions below) == Comments == Thanks a ton! this works like a charm. Has this been filed as a ticket, so it can be possibly included in future releases? [mailto:bill.mill@gmail.com bill.mill@gmail.com] ---- Ticket [http://trac.edgewall.org/ticket/3577 #3577] ask to include this in future releases.[[BR]] -- Florent == Recent Changes == [[ChangeLog(truehttplogoutpatch, 3)]] == Author/Contributors == '''Author:''' [wiki:flox] [[BR]] '''Contributors:''' ---- Here is the patch for 0.10 - by sgorilla {{{ yield ('metanav', 'logout', html.A('Logout', href=req.href.logout(), onclick="clearAuthenticationCache(\'%s\')" % req.href.logout())) }}} ---- And here's the patch for 0.11 - by gt4329b: {{{ yield ('metanav', 'logout', tag.a('Logout', href=req.href.logout(), onclick="clearAuthenticationCache(\'%s\')" % req.href.logout() )) }}} ---- You guys rock! I had created a 4 step script for people, but this actually does what logout is ''supposed'' to do :) For 0.8.4, rather than changing auth.py, you change the template file header.cs, by replacing this: {{{
  • Logout }}} with this {{{
  • Logout }}} - by kriggs ---- Any way to have this work with AuthRequiredPlugin so that a logout doesn't immediately result in an auth dialog? (Yes, I realize this is the correct behavior with this patch and the plugin, just wanted to know if there's a simple workaround!) ''Not sure what you're asking here. This patch is designed to provide true http logout for those using the http auth mechanism. The AuthRequiredPlugin is designed to work with the AccountManagerPlugin which provides form based login and already provides true logout. To accomplish the same net effect as the AuthRequiredPlugin with http auth, you merely need to move the auth information to the root of the trac environment as opposed to /login. Thus, I would recommend adjusting web server configuration and dropping the AuthRequiredPlugin or use the forms based login from AccountManagerPlugin --BladeHawke'' -by Ross ---- problem with Opera 9.25 When I test the path with Opera the logout still does not work (remains on same page). ---- Using the following configuration: browsers under Mac OS X Leopard 10.5.2, server running FreeBSD 7.0, Apache 2.0 with SSL and Trac 10.1. 1) With Camino 1.6 works fine. 2) It doesn't work with Safari 3.1.1 -by Rik. ---- Confirmed that this patch does not work with Safari (3.1.2), but works fine with Camino. -lid (Jul 31 2008) ---- Much more simple workaround for firefox (?): {{{ tag.a('Logout', href=req.abs_href.logout().replace("://","://anonymous@"))) }}} Nothing more required. -till (April 14 2010)