Hi Rhett,
> Oh, so when you pass credentials using XmlHttpRequest, the browser  
> automatically caches them?  That's cool.  I didn't know that worked.   
> I guess this has the same downside as normal browser-based  
> authentication, then -- it's impossible to log out without quitting  
> the browser.
With a trick you can: if you want to log out, you send an XMLHttpRequest
(e.g. started via a link, which starts a JavaScript) with standardized
credentials (e.g. user: "logout", password: "logout"). The Guard (or
whatever Filter) filters this user out and returns a success state.
Then the browser saves the new credentials and sends them for further
requests. So the server only has to filter the username "logout" and
remove the credentials before processing the request. I implemented
this at the end of last year (Restlet 1.0.6), but with the current
snapshot it doesn't work. I have to check why, but need time for it ...

best regards
   Stephan

------------------------------------------------------
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=990101
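
The logout trick described in the message above, as an added example that is not part of the original message and is not Restlet code. The names LOGOUT_USER, parseBasic, filterBasicAuth, logout and the checkSecret callback are assumptions made for illustration; the server part runs under Node.js, the last function in a browser.

```javascript
// Added example. Sentinel pair taken from the message: user "logout", password "logout".
const LOGOUT_USER = "logout"; // reserved name; never provision a real account with it

// Parse "Authorization: Basic base64(user:password)" into {user, password}, or null.
function parseBasic(header) {
  const m = /^Basic\s+([A-Za-z0-9+/=]+)$/i.exec(header || "");
  if (!m) return null;
  const decoded = Buffer.from(m[1], "base64").toString("utf8");
  const i = decoded.indexOf(":"); // a password may itself contain ':'
  if (i < 0) return null;
  return { user: decoded.slice(0, i), password: decoded.slice(i + 1) };
}

// Server-side filter, run before the real handler (the role the message gives the Guard).
// headers: object with lower-cased header names.
// checkSecret(user, password): hypothetical credential check supplied by the application.
function filterBasicAuth(headers, checkSecret) {
  const creds = parseBasic(headers.authorization);
  if (creds && creds.user === LOGOUT_USER) {
    // Sentinel seen: strip the credentials and answer with a success state so the
    // browser keeps the sentinel pair. This branch runs before checkSecret, so the
    // sentinel can never authenticate, whatever the credential store contains.
    delete headers.authorization;
    return { status: 200, user: null };
  }
  if (!creds || !checkSecret(creds.user, creds.password)) {
    return { status: 401, user: null }; // missing, malformed or wrong credentials
  }
  return { status: 200, user: creds.user };
}

// Browser side: replace the cached Basic credentials by sending the sentinel pair
// through the user/password arguments of XMLHttpRequest.open().
function logout(url, done) {
  const xhr = new XMLHttpRequest();
  xhr.open("GET", url, true, LOGOUT_USER, "logout");
  xhr.onload = () => done(xhr.status === 200);
  xhr.send();
}
```

Because the sentinel branch is evaluated before the credential check, an account that happens to be named "logout" can never authenticate through this filter.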
