elonen / clapshot

Self hosted web based collaborative video review tool
GNU General Public License v2.0

cannot log out in firefox #69

Open zen85 opened 1 week ago

zen85 commented 1 week ago

dear elonen,

some people here are reporting, and i can reproduce it, a messy logout. i can not log out on firefox and on other browsers it seems that they are not logged out until they do a hard reset (reloading while holding shift).

also a firefox problem seems to be that i don't see userfoldernames in firefox when i am using the admin user.

i guess these are minor things but they just made a lot of trouble :)

greetings

elonen commented 1 week ago

HTTP Basic auth (that PHP htadmin supports) is not really designed for logging out at all. The client code tries to trick the browser into it anyway, but the workaround seems broken.

Note to self / whoever wants to fix the issue:

This (logoutBasicAuth function)...

https://github.com/elonen/clapshot/blob/2c24b6291a24333b0f02738af60c280b6cfdeb0c/client/src/lib/NavBar.svelte#L24C10-L24C25

...should probably be changed to do something like this:

https://gist.github.com/ivermac/922def70ed9eaf83799b68ab1a587595

elonen commented 6 days ago

Ok, I’ve tried several different ways of wiping the credentials from Firefox’s cache but none work. Chrome works in a sane way, Firefox doesn’t, despite the issue having been discussed for 20 years apparently.

The best way to deal with this would be to use some better auth system, perhaps Authelia, Keratin authn, Vouch proxy or something. Clapshot itself doesn’t care. In any case, the hashing algorithm .htpasswd uses is weak, and the PHP htadmin image was meant as a simple demonstration on how to integrate your preferred user management, not as a recommended authentication method.
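Added example, not part of the thread or of Clapshot's code: a small audit that reads a Basic-auth `.htpasswd` file and reports which entries use a hash scheme that is cheap to brute-force, to help decide whether to migrate. The thread does not say which scheme the htadmin image writes; the prefixes below are the ones Apache documents for htpasswd files, and the sample users and hash strings are constructed.

```python
import re

# Constructed sample; user names and hash strings are made up, not real credentials.
SAMPLE_HTPASSWD = """\
# users for the review site
alice:$2y$10$abcdefghijklmnopqrstuuJ0Qm1x2y3z4A5B6C7D8E9F0G1H2I3J4K
bob:$apr1$Zx81kq2p$9Vh0fB5m3cQyT7uWl1nRe/
carol:{SHA}AAAAAAAAAAAAAAAAAAAAAAAAAAA=
dave:rqXexS6ZhobKA
erin:
"""

# (pattern, scheme name, verdict); first match wins.
SCHEMES = [
    (re.compile(r"^\$2[aby]\$\d{2}\$"), "bcrypt", "ok"),
    (re.compile(r"^\$[56]\$"), "sha-crypt", "ok"),
    (re.compile(r"^\$apr1\$"), "apr1-md5", "weak"),         # iterated MD5, fast to brute-force
    (re.compile(r"^\{SHA\}"), "sha1-unsalted", "weak"),     # single unsalted SHA-1
    (re.compile(r"^[./0-9A-Za-z]{13}$"), "des-crypt", "weak"),  # only 8 password chars used
]

def audit_htpasswd(text):
    """Return (line_no, user, scheme, verdict) for every credential line."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments carry no credentials
        user, sep, hashed = line.partition(":")
        if not sep or not user:
            findings.append((line_no, user or None, "malformed", "review"))
            continue
        for pattern, scheme, verdict in SCHEMES:
            if pattern.match(hashed):
                break
        else:
            # No known prefix: either an empty field or possibly plaintext.
            scheme, verdict = ("empty", "weak") if not hashed else ("unrecognised", "review")
        findings.append((line_no, user, scheme, verdict))
    return findings

def users_needing_attention(text):
    """Users whose entry is anything other than a strong scheme."""
    return [user for _, user, _, verdict in audit_htpasswd(text) if verdict != "ok"]

if __name__ == "__main__":
    for line_no, user, scheme, verdict in audit_htpasswd(SAMPLE_HTPASSWD):
        print(f"line {line_no}: {user!s:8} {scheme:14} {verdict}")
```
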