Closed arsturges closed 6 years ago
Furthermore, the IE dialogue says:
"The server ead5.lbl.gov at Web Password requires a username and password.
Warning: This server is requesting that your username and password be sent in an insecure manner (basic authentication without a secure connection)."
IE logout from production log: Processing SessionsController#destroy (for 128.3.23.51 at 2010-07-15 17:13:52) [GET] Parameters: {"action"=>"destroy", "controller"=>"sessions"} Redirected to http://ead5.lbl.gov/ Completed in 8ms (DB: 2) | 302 Found [http://ead5.lbl.gov/logout]
Processing HomeController#index (for 128.3.23.51 at 2010-07-15 17:13:52) [GET] Parameters: {"action"=>"index", "controller"=>"home"}
Rendering template within layouts/application Rendering home/index Completed in 7766ms (View: 1281, DB: 471) | 200 OK [http://ead5.lbl.gov/]
Firefox user clicks log out:
Processing SessionsController#destroy (for 128.3.23.51 at 2010-07-15 17:16:23) [GET] Parameters: {"action"=>"destroy", "controller"=>"sessions"} Redirected to http://ead5.lbl.gov/ Completed in 7ms (DB: 2) | 302 Found [http://ead5.lbl.gov/logout]
Processing HomeController#index (for 128.3.23.51 at 2010-07-15 17:16:23) [GET] Parameters: {"action"=>"index", "controller"=>"home"}
Redirected to http://ead5.lbl.gov/session/new Filter chain halted as [:login_required] rendered_or_redirected. Completed in 2ms (DB: 0) | 302 Found [http://ead5.lbl.gov/]
Processing SessionsController#new (for 128.3.23.51 at 2010-07-15 17:16:23) [GET] Parameters: {"action"=>"new", "controller"=>"sessions"} Rendering sessions/new Completed in 4ms (View: 3, DB: 0) | 200 OK [http://ead5.lbl.gov/session/new]
The Firefox user's session is destroyed, and he is redirected to /home/index, which is halted by the filter chain as no password is supplied. The IE user's session is destroyed (I think), and he is redirected to /home/index, which loads normally, without being halted by the filter chain.
Firefox user: Processing HomeController#index (for 127.0.0.1 at 2010-07-27 14:25:18) [GET] Parameters: {"action"=>"index", "controller"=>"home"}
Redirected to http://localhost:3000/session/new Filter chain halted as [:login_required] rendered_or_redirected.
sessions_controller.rb:
Deleted the line: redirect_back_or_default('/')
replaced it with: redirect_to :action => "new", :controller => "sessions"
This fixes the issue for now, but seems like a hack.
Thank you browser testing. IE also doesn't show the login screen; it hijacks it and shows it own login prompt.