On 5 Oct 2010, at 09:44, Mike Müller wrote: > With Basic Auth on we've got serveral issues in the browsers: > - Some browsers pass credentials even on parent paths > where credentials should not be sent. > - Logout is mostly a problem
We have hit exactly this problem with users logging into the console using basic auth, and you are right there is no way of logging out of basic auth except by the user telling the browser to drop the credentials (supported by some browsers) or closing the browser. So we tell users to do just that, and almost without exception, they do it. Well I tell a lie, there is a way of forcing the browser to logout.... tell it the credentials it supplied are bad even if they are not. That will popup a browser login window where the user can cancel it....we decided that was too confusing for the average user an so told them to do it via the browser. As Bertrand said, we have lots of things depending on basic auth authentication, and although we could patch the app sever build locally I would prefer not to as some of the people we train up into how to build apps on Nakamura don't go on to use our code, preferring native Sling. Ian
