https://bz.apache.org/bugzilla/show_bug.cgi?id=62048
--- Comment #16 from Christopher Schultz ---
(In reply to Mark Thomas from comment #15)
> Something like that.
>
> Or do we show a 'log out' button vs a 'close browser to log out' message
> depending on getAuthType() ?
"Close the browser" is
https://bz.apache.org/bugzilla/show_bug.cgi?id=62048
--- Comment #15 from Mark Thomas ---
Something like that.
Or do we show a 'log out' button vs a 'close browser to log out' message
depending on getAuthType() ?
I remain concerned about the fragility of any solution. Whatever we do needs
testi
https://bz.apache.org/bugzilla/show_bug.cgi?id=62048
--- Comment #14 from Christopher Schultz ---
Hmm seems we've gone down a rathole. Michael-O is right: this is probably
the wrong approach for the Manager in general, because there is no requirement
that the Manager use HTTP Basic as the aut
https://bz.apache.org/bugzilla/show_bug.cgi?id=62048
--- Comment #13 from Michael Osipov <1983-01...@gmx.net> ---
Looking at the PR, I absolutely do not like the change in
HTMLHostManagerServlet#logout(). Why do you impose Basic authentication from
code w/o even knowning what is configured in the
There is no user named 'bugzi...@apache.org'. Either you mis-typed the name or
that user has not yet registered for a Bugzilla account.
Tomcat Developers List wrote:
>
>
> @bug_status IN_PROGRESS
>
>
> https://bz.apache.org/bugzilla/show_bug.cgi?id=62048
>
> --- Comment #12 from Marek Czern
https://bz.apache.org/bugzilla/show_bug.cgi?id=62048
--- Comment #12 from Marek Czernek ---
(In reply to Christopher Schultz from comment #11)
Hi Christopher,
any news on this by any chance?
--
You are receiving this mail because:
You are the assignee for the bug.
---
https://bz.apache.org/bugzilla/show_bug.cgi?id=62048
--- Comment #11 from Christopher Schultz ---
(In reply to Mark Thomas from comment #6)
> Safari (desktop and mobile), Firefox (desktop), IE (desktop) do not.
I haven't tried the proposed patch, but my implementation of exactly this
technique u
https://bz.apache.org/bugzilla/show_bug.cgi?id=62048
--- Comment #10 from Marek Czernek ---
So I have dug a little bit deeper into this topic and I don't seem to have
found a silver bullet for all browsers...
In Chrome, the original solution (in my PR) works.
In Firefox, the original solution
https://bz.apache.org/bugzilla/show_bug.cgi?id=62048
Konstantin Kolinko changed:
What|Removed |Added
CC||ma...@apache.org
--- Comment #9 f
https://bz.apache.org/bugzilla/show_bug.cgi?id=62048
--- Comment #8 from Mark Thomas ---
I think it is worth a try.
I also have some suggested changes to the patch:
- Move the logout button to the next row down and ensure it appears on other
screens with a similar banner.
- rather than display a
https://bz.apache.org/bugzilla/show_bug.cgi?id=62048
--- Comment #7 from Marek Czernek ---
Hi Mark,
that is fair. However, would you lean towards accepting the PR if I managed to
execute the logout with Javascript? I believe it might be possible to enforce
the logout on other clients by sending
https://bz.apache.org/bugzilla/show_bug.cgi?id=62048
--- Comment #6 from Mark Thomas ---
Chrome (desktop and mobile) and the Android clients I have easy access to (i.e.
anything controlled by Google) handle this as described and the logout works.
Safari (desktop and mobile), Firefox (desktop), I
https://bz.apache.org/bugzilla/show_bug.cgi?id=62048
--- Comment #5 from Mark Thomas ---
I'm pleasantly surprised at how clean this fix was. Nice.
However, I am concerned that the behaviour is not mandated by any
specification. RFC7235, section 6.2 explicitly states that HTTP does NOT
provide a
https://bz.apache.org/bugzilla/show_bug.cgi?id=62048
--- Comment #4 from Marek Czernek ---
I have provided a PR for this functionality:
https://github.com/apache/tomcat/pull/98 .
It works like Christopher suggested: Once a user clicks logout, 401 is sent in
the response to flush cache and the s
https://bz.apache.org/bugzilla/show_bug.cgi?id=62048
--- Comment #3 from Michael Osipov <1983-01...@gmx.net> ---
(In reply to Mark Thomas from comment #1)
> They use BASIC auth. You can't logout from BASIC auth.
Why do you think so? I have swapped it for SPNEGO auth.
> We could change the auth m
https://bz.apache.org/bugzilla/show_bug.cgi?id=62048
Mark Thomas changed:
What|Removed |Added
Severity|normal |enhancement
--
You are receiving this m
https://bz.apache.org/bugzilla/show_bug.cgi?id=62048
Christopher Schultz changed:
What|Removed |Added
Keywords||Beginner
--- Comment #2 from Chr
https://bz.apache.org/bugzilla/show_bug.cgi?id=62048
--- Comment #1 from Mark Thomas ---
They use BASIC auth. You can't logout from BASIC auth.
We could change the auth mechanism but then that creates issues for the command
line tools.
I'm leaning towards WONTFIX but if someone can come up with
18 matches
Mail list logo
