On Fri, Jan 23, 2009 at 3:55 PM, Ross J. Reedstrom <[email protected]> wrote: > On Fri, Jan 23, 2009 at 12:07:26PM -0800, Noah Kantrowitz wrote: >> >> Incorrect, HTTP auth credentials are kept by the browser for the duration of >> the session. This a "feature" of all modern browsers and cannot (as far as I >> know) be disabled. >> > > Just FYI,
Just FYI ... > the only system I've seen manage to get the browser to drop > the stored BasicAuth credentials is Zope's management interface. There, > the logout button takes you to a page (manage_zmi_logout, ISTR) that > returns a "401 Unauthorized" regardless of the credentials presented. > This causes the browser to drop the cached credentials, but > (unfortunately) also prompt for new credentials. ... I considered this hint and others I found, and ... > It's fine for a > web-framework management interface, whose users are by definition very > web savvy and technical, but would probably not fly for something even > as technical as they typical trac site. Go with some sort of forms auth. > ... I decided that I will not use forms auth, or any other workaround (e.g. the one provided by Noah ... thnx Noah for the pointers ...), since IMO every web app / framework like Trac should have a (... decent or not ...) logout mechanism so that users be able to close their respective sessions, thus allowing multiple users to use a single PC | browser ... and many other use cases. That's the way it should be ... let's imagine now that Person1 needs to work in «wonderful» PC1, and when Person2 executes 'switch to user' or 'logout' command she founds out that no logout is performed and besides that the only solution at hand is to restart «wonderful» PC1 ... I really dont see the point in doing so ... IMHO this is a serious issue ... Therefore I implemented a plugin to perform a real logout (... I am testing it right now for Trac 0.11.1 & 0.11.2 in Apache 2 ...). Once I test it a little, upload it to a SVN repos, and solve a few issues so that it be a little more user friendly «hopefully soon ... :) although I've said this a few times during the last few months ... :( ... » ... I'll give you the URLs so that you can try it out ... give ideas, enhance it, report bugs, and so on ... ;) > Ross Thank you Ross, thank you Flatfender, thank you Rainer Sokoll ... Thank you all ... :) Trac is great !!! I love Trac ! -- Regards, Olemis. Blog ES: http://simelo-es.blogspot.com/ Blog EN: http://simelo-en.blogspot.com/ Featured article: Mirando la web de una forma distinta con Google Visualization API --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Trac Users" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/trac-users?hl=en -~----------~----~----~----~------~----~------~--~---
