wiki:TrueHttpLogoutPatch

Version 26 (modified by Ryan J Ollos, 7 years ago) (diff)

Remove old discussion.

Contents

  1. Description
  2. Usage
  3. Recent Changes
  4. Author/Contributors

True logout mechanism for Basic/Digest Authentication

Notice: This plugin is unmaintained and available for adoption.

Description

This patch allows you to logout from Basic/Digest Auth without closing the browser.

The concept is explained on Berend de Boer page.

This patch works for tracd standalone. There's no need of Apache or any other server. This patch should work on all platform, although I've only tested version 0.9.6 on Windows XP.

Notes:

  • Tested successfully with Firefox and Internet Explorer 6.
  • It works fine with Camino.
  • It may not work with Safari and Konqueror.

Usage

  • file Share\trac\htdocs\js\trac.js, append at the end of file: 
    function clearAuthenticationCache(page) {
  // Default to a non-existing page (give error 500).
  // An empty page is better, here.
  if (!page) page = '.force_logout';
  try{
    var agt=navigator.userAgent.toLowerCase();
    if (agt.indexOf("msie") != -1) {
      // IE clear HTTP Authentication
      document.execCommand("ClearAuthenticationCache");
    }
    else {
      // Let's create an xmlhttp object
      var xmlhttp = createXMLObject();
      // Let's prepare invalid credentials
      xmlhttp.open("GET", page, true, "logout", "logout");
      // Let's send the request to the server
      xmlhttp.send("");
      // Let's abort the request
      xmlhttp.abort();
    }
  } catch(e) {
    // There was an error
    return;
  }
}
    
function createXMLObject() {
  try {
    if (window.XMLHttpRequest) {
      xmlhttp = new XMLHttpRequest();
    }
    // code for IE
    else if (window.ActiveXObject) {
      xmlhttp=new ActiveXObject("Microsoft.XMLHTTP");
    }
  } catch (e) {
    xmlhttp=false
  }
  return xmlhttp;
}
  • file Lib\site-packages\trac\web\auth.py, locate method get_navigation_items, and change: 
    yield ('metanav', 'logout',
       Markup('<a href="%s">Logout</a>' 
              % escape(self.env.href.logout())))
    to: 
    yield ('metanav', 'logout',
       Markup('<a href="%s" onclick="clearAuthenticationCache(\'%s\');">Logout</a>' 
              % ((escape(self.env.href.logout()),) *2) ))
  • Now that's ok to start tracd and test logout feature.

(Patches for other versions below)

Recent Changes

16483 by rjollos on 2017-04-10 23:21:44
Add version that works with tracd in Trac 1.2

Has been tested with Firefox 52 on OSX. It may work with
other browsers and configurations but has not been tested.

1138 by flox on 2006-08-17 20:34:59
New hack TrueHttpLogoutPatch, created by flox
(more)

Author/Contributors

Author: flox
Maintainer: none (needsadoption)
Contributors:

Attachments (2)

Download all attachments as: .zip