On Wed, Oct 14, 2009 at 19:04, Paul McMahon <[email protected]> wrote:
> Here's an explanation of why you can't do a basic auth logout:
>
> http://httpd.apache.org/docs/1.3/howto/auth.html#basicfaq
>
> The only way I have ever seen it implemented is JavaScript that closes the
> user's browser - which of course generates a security warning and may not
> work.

As I noted, you can with some tricks, using XHR (Ajax). Although my
first answer was a bit wrong. Here is how you do it. For IE, you can
manually clear the cache with a JavaScript function, although that
removes all credentials currently cached IIRC. For Firefox, you simply
force a login in Sling with the anonymous user:

    if (document.all) {
        // Internet Explorer: 'ClearAuthenticationCache' is only available in IE
        // and drops every cached credential, not just the one for this site
        document.execCommand('ClearAuthenticationCache');
    } else {
        var xmlhttp;
        if (window.XMLHttpRequest) {
            xmlhttp = new XMLHttpRequest();
        } else if (window.ActiveXObject) {
            // legacy fallbacks for browsers without a native XMLHttpRequest
            try {
                xmlhttp = new ActiveXObject('Msxml2.XMLHTTP');
            } catch (ex) {
                try {
                    xmlhttp = new ActiveXObject('Microsoft.XMLHTTP');
                } catch (ex2) {}
            }
        }
        // only proceed if a request object could be created at all
        if (xmlhttp) {
            if (xmlhttp.readyState < 4) {
                xmlhttp.abort();
            }
            // Firefox/Mozilla: use anonymous "login" to trigger a "logout";
            // the synchronous request replaces the cached basic auth credentials
            xmlhttp.open('GET', '/?sling:authRequestLogin=1', false,
                         'anonymous', 'null');
            xmlhttp.send('');
        }
    }

For Safari, Chrome and Opera you have to use the Authorization cookie,
as noted before.

Regards,
Alex
--
Alexander Klimetschek
[email protected]