= True logout mechanism for Basic/Digest Authentication = == Description == This patch allows to logout from Basic/Digest Auth without closing the browser. On one hand Apache [http://httpd.apache.org/docs/1.3/howto/auth.html#basicfaq claims that it is not possible]. On other hand, Nano Documet [http://nanodocumet.homedns.org/rest/ give a solution] that works with most recent browsers. This patch works for `tracd` standalone. There's no need of Apache or any other server. I am lazy tonight, so i give you only the file changes.[[BR]] This patch should work on all platform, although I've only tested version 0.9.6 on Windows XP. I have tested successfully ''Firefox 1.5'' and ''Internet Explorer 6'' == Usage == * file `Share\trac\htdocs\js\trac.js`, append at the end of file: {{{ function clearAuthenticationCache(page) { // Default to a non-existing page (give error 500). // An empty page is better, here. if (!page) page = '.force_logout'; try{ var agt=navigator.userAgent.toLowerCase(); if (agt.indexOf("msie") != -1) { // IE clear HTTP Authentication document.execCommand("ClearAuthenticationCache"); } else { // Let's create an xmlhttp object var xmlhttp = createXMLObject(); // Let's prepare invalid credentials xmlhttp.open("GET", page, true, "logout", "logout"); // Let's send the request to the server xmlhttp.send(""); // Let's abort the request xmlhttp.abort(); } } catch(e) { // There was an error return; } } function createXMLObject() { try { if (window.XMLHttpRequest) { xmlhttp = new XMLHttpRequest(); } // code for IE else if (window.ActiveXObject) { xmlhttp=new ActiveXObject("Microsoft.XMLHTTP"); } } catch (e) { xmlhttp=false } return xmlhttp; } }}} * file `Lib\site-packages\trac\web\auth.py`, locate method `get_navigation_items`, and change: {{{ yield ('metanav', 'logout', Markup('Logout' % escape(self.env.href.logout()))) }}} to: {{{ yield ('metanav', 'logout', Markup('Logout' % ((escape(self.env.href.logout()),) *2) )) }}} * Now that's ok to start `tracd` and test logout feature. (Patches for other versions below) == Comments == Thanks a ton! this works like a charm. Has this been filed as a ticket, so it can be possibly included in future releases? [mailto:bill.mill@gmail.com bill.mill@gmail.com] ---- Ticket [http://trac.edgewall.org/ticket/3577 #3577] ask to include this in future releases.[[BR]] -- Florent == Recent Changes == [[ChangeLog(truehttplogoutpatch, 3)]] == Author/Contributors == '''Author:''' [wiki:flox] [[BR]] '''Contributors:''' ---- Here is the patch for 0.10 - by sgorilla {{{ yield ('metanav', 'logout', html.A('Logout', href=req.href.logout(), onclick="clearAuthenticationCache(\'%s\')" % req.href.logout())) }}} ---- You guys rock! I had created a 4 step script for people, but this actually does what logout is ''supposed'' to do :) For 0.8.4, rather than changing auth.py, you change the template file header.cs, by replacing this: {{{
  • Logout }}} with this {{{
  • Logout }}} - by kriggs