wiki:TrueHttpLogoutPatch

Version 3 (modified by Florent, 11 years ago) (diff)

--

True logout mechanism for Basic/Digest Authentication

Notice: This plugin is unmaintained and available for adoption.

Description

This patch allows to logout from Basic/Digest Auth without closing the browser.

On one hand Apache claims that it is not possible.

On other hand, Nano Documet give a solution that works with most recent browsers.

This patch works for tracd standalone. There's no need of Apache or any other server.

I am lazy tonight, so i give you only the file changes.
This patch should work on all platform, although I've only tested version 0.9.6 on Windows XP. I have tested successfully Firefox 1.5 and Internet Explorer 6

Usage

  • first remove buggy AuthFormPlugin ;-)
  • file Share\trac\htdocs\js\trac.js, append at the end of file:
    function clearAuthenticationCache() {
      try{
        var agt=navigator.userAgent.toLowerCase();
        if (agt.indexOf("msie") != -1) {
          // IE clear HTTP Authentication
          document.execCommand("ClearAuthenticationCache");
        }
        else {
          // Let's create an xmlhttp object
          var xmlhttp = createXMLObject();
          // Let's get the force page to logout for mozilla
          xmlhttp.open("GET",".force_logout_offer_login_mozilla",true,"logout","logout");
          // Let's send the request to the server
          xmlhttp.send("");
          // Let's abort the request
          xmlhttp.abort();
        }
      } catch(e) {
      // There was an error
        return;
      }
    }
    
    function createXMLObject() {
      try {
        if (window.XMLHttpRequest) {
          xmlhttp = new XMLHttpRequest();
        }
        // code for IE
        else if (window.ActiveXObject) {
          xmlhttp=new ActiveXObject("Microsoft.XMLHTTP");
        }
      } catch (e) {
        xmlhttp=false
      }
      return xmlhttp;
    }
    
  • file Lib\site-packages\trac\web\auth.py, locate method get_navigation_items, and change:
            yield ('metanav', 'logout',
                   Markup('<a href="%s">Logout</a>' 
                          % escape(self.env.href.logout())))
    
    to:
            yield ('metanav', 'logout',
                   Markup('<a href="%s" onclick="clearAuthenticationCache();return true;">Logout</a>' 
                          % escape(self.env.href.logout())))
    
  • Now that's ok to start tracd and test logout feature.

Recent Changes

16483 by rjollos on 2017-04-10 23:21:44
Add version that works with tracd in Trac 1.2

Has been tested with Firefox 52 on OSX. It may work with
other browsers and configurations but has not been tested.

1138 by flox on 2006-08-17 20:34:59
New hack TrueHttpLogoutPatch, created by flox
(more)

Author/Contributors

Author: flox
Contributors:

Attachments (2)

Download all attachments as: .zip