[
https://issues.apache.org/jira/browse/BROOKLYN-323?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15411857#comment-15411857
]
ASF GitHub Bot commented on BROOKLYN-323:
-----------------------------------------
Github user neykov commented on a diff in the pull request:
https://github.com/apache/brooklyn-ui/pull/30#discussion_r73882175
--- Diff: src/main/webapp/assets/js/util/brooklyn-utils.js ---
@@ -175,17 +175,22 @@ define([
};
Util.logout = function logout() {
- $.ajax({
- type: "POST",
- dataType: "text",
- url: "/v1/logout",
- success: function() {
- window.location.replace("/");
- },
- failure: function() {
- window.location.replace("/");
- }
- });
+ var ua = window.navigator.userAgent;
+ if (ua.indexOf("MSIE ") > 0 || ua.indexOf(" Edge/") > 0 ||
ua.indexOf(" Trident/") > 0) {
+ $.ajax({
+ async: false,
+ type: "GET",
+ dataType: "text",
+ url: "/v1/logout"
+ });
+ document.execCommand('ClearAuthenticationCache', 'false');
--- End diff --
To avoid the (potentially brittle) user agent check - it will fail but it
doesn't matter when in a try-catch block. And when it works it will do its
thing.
> Inconsistent logout behavior for Basic Authentication
> -----------------------------------------------------
>
> Key: BROOKLYN-323
> URL: https://issues.apache.org/jira/browse/BROOKLYN-323
> Project: Brooklyn
> Issue Type: Bug
> Affects Versions: 0.9.0, 0.10.0, 0.9.1
> Environment: Firefox, Internet Explorer, Google Chrome
> Reporter: Valentin Aitken
> Fix For: 0.10.0
>
>
> Observed behavior:
> When clicking logout browser asks for a password.
> When entering a password browser asks you sequentially to enter username and
> password.
> How logout should be implemented for Basic Authentication:
> http://stackoverflow.com/questions/233507/how-to-log-out-user-from-web-site-using-basic-authentication
> My explanation for behavior with the current code:
> First to clear out how brooklyn-ui is working and what it does.
> It polls infinitely the brooklyn api to retrieve status for the applications
> which are on the dashboard.
> To do that each request has to be authenticated.
> Logout:
> When user click logout, UI fires an ajax call to get a a proper Unauthorized
> response.
> Current response for the logout request contains Unauthorized response which
> should invalidate credentials.
> For Google Chrome it does invalidate the request credentials but it does not
> reload the DOM (or the webpage)
> When user try to type username and password to login back again, it is
> followed by another username and password prompt.
> My explanation for this is that login actually appeared from one of the
> application status calls rather than the index page and credentials are not
> populated through the DOM.
> Because of this credentials have to be typed for every single request and UI
> is making status calls infinitely so in other words user have to enter
> username and password infinitely.
> However for Internet Explorer it behaves differently.
> It just unauthenticate the one Ajax request and from there nothing happens.
> Deletion of the session within Internet Explorer doesn't happen and browser
> stays authenticated.
> My idea for solving those problems is to do a full reload of the web page
> after deauthenticating.
> so Brooklyn can have only one javascript authentication cycle.
> I will provide a solution which does that in one simple step.
> Calling the /logout API call which returns Unauthorized response and redirect
> to the home page.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
