Hi all, I experience a strange effect with sessions inside OC-8. That is, strange for me, since I do not understand this. Probably I miss something here, so maybe someone can give me a hint here:
The Shorty app implements a http basic auth strategy for a special purpose. That has nothing to do with normal owncloud sessions. The additional authorization helps to keep two things separate: "normal" owncloud sessions versus requests to a public service, the Shorty relay service. In the implementation I took care *not* to login the user, so *not* to create a session within owncloud. Nevertheless I see this strange effect: Normally, when you logout from owncloud all cookies are deleted and you are forwarded to the login form, since you do not have a valid session any more. Now the fun starts: after having used that described public service once and having authenticated successfully as requested by the http basic auth strategy it suddenly is impossible to logout from the "normal" owncloud session opened in another window or tab. The logout button works, sends the expected headers and deletes the cookies. However instead of the login form you are forwarded right into a valid OC session which loads the default app. Now I do understand that the browser resends his authentication realm after the logout. But I fail to see how a) that is connected with the "normal" owncloud session and b) why there suddenly is a new session although all cookies have been removed. Could someone help me to understand this effect? Thanks, Christian Reiner (arkascha) PS: I attach the two conversation dumps, one with one without that effect.
logout.tar.bz2
Description: application/bzip-compressed-tar
_______________________________________________ Devel mailing list Devel@owncloud.org http://mailman.owncloud.org/mailman/listinfo/devel
