On Fri, Jan 23, 2009 at 1:55 PM, Noah Kantrowitz <n...@coderanger.net> wrote:
> On Jan 23, 2009, at 10:49 AM, Flatfender wrote:
>>
>> The part you're missing is that your browser has your credentials
>> cached, so even when you click logout and trac expires your session, a
>> new session gets created b/c instead of getting a enter your

What follows is perhaps a little OT, but anyway ...

When I talk about credentials I mean user + password (perhaps there is a different word to refer to this ... but anyway) ... AFAIK this is never kept by browsers (talking about Trac ;), but tokens issued by Trac itself ... this comment is just to ensure we are using a common vocabulary

IMHO (... CMIIW ...) even if the browser keeps this token in memory or creates a new token, if it is invalidated by Trac (server-side ;) then ... is it still possible that the user session comes back to life ? I think that expired user tokens should be handled as anonymous or at least warn the user about

Now I am not really sure (don't remember ...) how the REMOTE_USER envvar is set by Apache ... perhaps the issue is related to this sec mechanism. I have deployed other apps in dedicated web servers and I had not seen this kind of issue so far.

>
> More specifically the part you are missing is that these credentials
> aren't stored in a cookie or anything similar, they are just kept in
> memory in the browser.

you mean ... user + passw ?

> There is nothing in the HTTP authentication
> standard that allows the web site to request these be cleared.
> Clicking logout will clear the cookies, but since it can't clear these
> credentials you will be logged right back in.

ufffff ... well ... If this is the case (user + passw) ... then you're absolutely right ...

> Solution: use
> AccountManager's form-based logins since they are not subject to the
> wiles of HTTP auth.
>

Well ... I am looking forward to deploying Trac using CoSign ... in this case I could use the CoSign auth form

I wonder if Trac is able to handle CoSign logout (involves out-of-band server to server comm ;) seamlessly ... but anyway, I think I'll test it first, next if I have any doubt I'll post further comments once I make real progress ...

Thnx a lot for your help ...

--
Regards,

Olemis.

Blog ES: http://simelo-es.blogspot.com/
Blog EN: http://simelo-en.blogspot.com/

Featured article:
Mirando la web de una forma distinta con Google Visualization API
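
Added example (not part of the original message, and not Trac's or AccountManager's code): a toy Python model of the behaviour discussed in this thread, comparing logout under HTTP Basic auth with logout under a form-based login. `Server`, `Browser`, `check`, `user_after_logout` and the `alice` account are constructed for illustration, and the assumption that any request carrying valid Basic credentials gets a fresh session is a simplification of a REMOTE_USER-based setup.

```python
import base64

USERS = {"alice": "s3cret"}  # constructed demo account

def check(user, password):
    return user if USERS.get(user) == password else None

class Server:
    """Toy app with a session cookie; handle() returns (user, Set-Cookie or None)."""
    def __init__(self, http_auth):
        self.http_auth, self.sessions, self.issued = http_auth, {}, 0

    def remote_user(self, headers):
        # What the web server would export as REMOTE_USER for this request.
        value = headers.get("Authorization", "")
        if not (self.http_auth and value.startswith("Basic ")):
            return None
        return check(*base64.b64decode(value[6:]).decode().partition(":")[::2])

    def handle(self, path, headers, form=None):
        sid = headers.get("Cookie")
        if path == "/logout":
            self.sessions.pop(sid, None)   # server-side invalidation
            return None, ""                # "" = tell the client to drop the cookie
        if sid in self.sessions:
            return self.sessions[sid], None
        user = self.remote_user(headers) or (check(*form) if form else None)
        if not user:
            return None, None
        self.issued += 1
        self.sessions[f"sid{self.issued}"] = user
        return user, f"sid{self.issued}"

class Browser:
    def __init__(self, server, basic=None):
        self.server, self.cookie, self.basic = server, None, basic

    def get(self, path, form=None):
        # Basic credentials cached for the realm are resent on every request.
        headers = {k: v for k, v in (("Cookie", self.cookie), ("Authorization", self.basic)) if v}
        user, cookie = self.server.handle(path, headers, form)
        self.cookie = self.cookie if cookie is None else (cookie or None)
        return user

def user_after_logout(http_auth):
    basic = "Basic " + base64.b64encode(b"alice:s3cret").decode() if http_auth else None
    browser = Browser(Server(http_auth), basic)
    browser.get("/login", None if http_auth else ("alice", "s3cret"))
    browser.get("/logout")
    return browser.get("/")
```

`user_after_logout(True)` returns `alice`: the session and cookie are gone, but the next request still carries the Authorization header and a new session is issued. `user_after_logout(False)` returns `None`, because with a form login the cookie was the only thing the browser held.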