Hi, Thanks for all this information.
It would be very handy for me and probably others if a good working example was put together showing how this all works. Regards Ben Short 2009/10/15 Alexander Klimetschek <[email protected]>: > On Wed, Oct 14, 2009 at 19:04, Paul McMahon <[email protected]> wrote: >> Here's an explanation of why you can't do a basic auth logout: >> >> http://httpd.apache.org/docs/1.3/howto/auth.html#basicfaq >> >> The only way I have ever seen it implemented is JavaScript that closes the >> user's browser - which of course generates a security warning and may not >> work. > > As I noted, you can with some tricks, using XHR (ajax). Although my > first answer was a bit wrong. Here is how you do it. For IE, you can > manually clear the cache with a javascript function, although that > removes all credentials currently cached IIRC. For Firefox, you simply > force a login in sling with the anonymous user: > > if (document.all) { > // Internet Explorer: 'ClearAuthenticationCache' is only available in IE > document.execCommand('ClearAuthenticationCache'); > > } else { > var xmlhttp; > if (window.XMLHttpRequest) { > xmlhttp = new XMLHttpRequest(); > } else if (window.ActiveXObject) { > try { > xmlhttp = new ActiveXObject('Msxml2.XMLHTTP'); > } catch (ex) { > try { > xmlhttp = new ActiveXObject('Microsoft.XMLHTTP'); > } catch (ex) {} > } > } > if (xmlhttp.readyState < 4) { > xmlhttp.abort(); > } > // Firefox/Mozilla: use anonymous "login" to trigger a "logout" > xmlhttp.open('GET', '/?sling:authRequestLogin=1', false, > 'anonymous', 'null'); > xmlhttp.send(''); > } > > For Safari, Chrome and Opera you have to use the Authorization cookie, > as noted before. > > Regards, > Alex > > -- > Alexander Klimetschek > [email protected] >
