I found a way to make the logout link actually destroy the http auth session. (As far as I know there isn't a way to do this -- the logout link just returns to the same page unless using this hack.) It works on the premise of redirecting to a URI with a bad username/password pair such as:
https://notarealuser:[EMAIL PROTECTED]/myproject/ In this example everything under /myproject/ is protected by apache authentication. I've implemented this with mod_rewrite as follows: RewriteRule /([^/]+)/logout$ https://your-login-name:[EMAIL PROTECTED]/$1/goodbye [L] RewriteRule /([^/]+)/goodbye$ https://%{HTTP_HOST}/$1/ [L] The result is a display of the login dialog with the Name: field pre-populated with "your-login-name", otherwise unable to access anything under /myproject/ I have no idea if this will work consistently, but it does well with Safari and Firefox on a Mac. Quinn --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Trac Users" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/trac-users?hl=en -~----------~----~----~----~------~----~------~--~---
