AuthAny has its own Authen and Authz handlers; however, instead of returning a 401, these handlers redirect to a "GATE" page which contains links for each provider. The "basic auth" type links point to a directory with a random value appended. This random value is kept in the database and cycled with each logout. Browsers will not send the authorization header to the new directory. The AuthName is also appended with a random string to ensure that the challenge pop-up is presented each time. This logout mechanism and logout mechanisms for other providers allow AuthAny to maintain its own permanent cookie in its database for control over recognition or authentication states.

Kim

On Fri, Mar 25, 2011 at 5:39 AM, Perrin Harkins <per...@elem.com> wrote:
> On Wed, Mar 23, 2011 at 4:52 PM, Kim Goldov <kgol...@gmail.com> wrote:
> > We would like to release Apache2::AuthAny on CPAN.
>
> Please go ahead!
>
> How did you implement the logout for HTTP auth?
>
> - Perrin
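
The logout mechanism described in the message above, as an added sketch that is not part of the original e-mail or AuthAny's own code: a simplified browser basic-auth cache next to a gate that cycles the random directory value on logout. The `/gate/basic_<value>/` layout, the realm text and all class and function names are assumptions made for illustration.

```python
import secrets


class Gate:
    """Server side: one random value per permanent cookie, held in a dict
    that stands in for the database."""

    def __init__(self):
        self.db = {}

    def basic_link(self, cookie_id):
        value = self.db.setdefault(cookie_id, secrets.token_hex(8))
        # Hypothetical URL layout; the realm gets a fresh random suffix.
        return f"/gate/basic_{value}/", f"Login {secrets.token_hex(4)}"

    def logout(self, cookie_id):
        self.db[cookie_id] = secrets.token_hex(8)  # cycle on every logout


class Browser:
    """Simplified credential cache: credentials are reused by directory
    prefix (preemptive Authorization header) or by realm after a 401."""

    def __init__(self):
        self.by_dir, self.by_realm = {}, {}

    def prompts_user(self, path, realm):
        sent_preemptively = any(path.startswith(d) for d in self.by_dir)
        return not sent_preemptively and realm not in self.by_realm

    def login(self, path, realm, creds):
        self.by_dir[path] = creds
        self.by_realm[realm] = creds


def demo():
    gate, browser, cookie = Gate(), Browser(), "cookie-1"  # constructed id
    link1, realm1 = gate.basic_link(cookie)
    first = browser.prompts_user(link1, realm1)        # nothing cached yet
    browser.login(link1, realm1, "user:secret")        # constructed credentials
    link_again, realm_again = gate.basic_link(cookie)  # same directory
    while_logged_in = browser.prompts_user(link_again, realm_again)
    gate.logout(cookie)
    link2, realm2 = gate.basic_link(cookie)            # new directory, new realm
    after_logout = browser.prompts_user(link2, realm2)
    # With a fixed directory and realm the browser keeps answering silently.
    static_after_logout = browser.prompts_user(link1, realm1)
    return first, while_logged_in, after_logout, link1 != link2, static_after_logout


if __name__ == "__main__":
    print(demo())
```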