Version 8 (modified by 18 years ago) (diff) | ,
---|
True logout mechanism for Basic/Digest Authentication
Notice: This plugin is unmaintained and available for adoption.
Description
This patch allows to logout from Basic/Digest Auth without closing the browser.
On one hand Apache claims that it is not possible.
On other hand, Nano Documet give a solution that works with most recent browsers.
This patch works for tracd
standalone. There's no need of Apache or any other server.
I am lazy tonight, so i give you only the file changes.
This patch should work on all platform, although I've only tested version 0.9.6 on Windows XP.
I have tested successfully Firefox 1.5 and Internet Explorer 6
Usage
- file
Share\trac\htdocs\js\trac.js
, append at the end of file:function clearAuthenticationCache(page) { // Default to a non-existing page (give error 500). // An empty page is better, here. if (!page) page = '.force_logout'; try{ var agt=navigator.userAgent.toLowerCase(); if (agt.indexOf("msie") != -1) { // IE clear HTTP Authentication document.execCommand("ClearAuthenticationCache"); } else { // Let's create an xmlhttp object var xmlhttp = createXMLObject(); // Let's prepare invalid credentials xmlhttp.open("GET", page, true, "logout", "logout"); // Let's send the request to the server xmlhttp.send(""); // Let's abort the request xmlhttp.abort(); } } catch(e) { // There was an error return; } } function createXMLObject() { try { if (window.XMLHttpRequest) { xmlhttp = new XMLHttpRequest(); } // code for IE else if (window.ActiveXObject) { xmlhttp=new ActiveXObject("Microsoft.XMLHTTP"); } } catch (e) { xmlhttp=false } return xmlhttp; }
- file
Lib\site-packages\trac\web\auth.py
, locate methodget_navigation_items
, and change:yield ('metanav', 'logout', Markup('<a href="%s">Logout</a>' % escape(self.env.href.logout())))
to:yield ('metanav', 'logout', Markup('<a href="%s" onclick="clearAuthenticationCache(\'%s\');">Logout</a>' % ((escape(self.env.href.logout()),) *2) ))
- Now that's ok to start
tracd
and test logout feature.
Comments
Thanks a ton! this works like a charm.
Has this been filed as a ticket, so it can be possibly included in future releases? bill.mill@…
Ticket #3577 ask to include this in future releases.
-- Florent
Recent Changes
Author/Contributors
Author: flox
Contributors:
Here is the patch for 0.10 - by sgorilla
yield ('metanav', 'logout', html.A('Logout', href=req.href.logout(), onclick="clearAuthenticationCache(\'%s\')" % req.href.logout()))
Attachments (2)
-
trac-0.10.2_basic-auth-logout.patch (2.1 KB) - added by 17 years ago.
Adapted for v0.10.2: 'tis a hack but it solved my problem.
-
True_logout_patch_trunk_updated.diff (2.1 KB) - added by 16 years ago.
updated patch for trac svn trunk 2008/03/11
Download all attachments as: .zip