google / grr

GRR Rapid Response: remote live forensics for incident response
https://grr-doc.readthedocs.io/
Apache License 2.0
4.75k stars 764 forks

No logout button #24

Closed destijl closed 9 years ago

destijl commented 9 years ago

From tory.cullen on November 07, 2013 17:20:59

What steps will reproduce the problem?

  1. Log in to the Admin Console with one user
  2. Want to switch users
  3. Can't log out

What is the expected output? What do you see instead?

I would like to see a logout button in one of the corners of the Admin Console or perhaps have a context menu appear after clicking or hovering over "User: " that allows me to log out so that I can log in as a different user.

What version of the product are you using? On what operating system?

GRR v 0.2-8 in Firefox 25.0 on OS X Mavericks

Please provide any additional information below.

I know this isn't a huge deal, but it would make GRR more user friendly.

Original issue: http://code.google.com/p/grr/issues/detail?id=77

destijl commented 9 years ago

From darrenbilby on December 01, 2013 14:55:11

So, I'm not sure how we can resolve this sensibly.

At the moment GRR uses standard browser digest authentication in the open source version. There is no cookie involved, so no way to log out without the browser clearing the cached credentials. Closing the browser will log you out.

I'm a little loath to implement a full user cookie management setup, as it is overhead to implement and manage it. I guess we could add a logout button that pops up something saying "To logout close your browser", and if you are using an SSO system that could be replaced with a proper logout link.

I think that's a reasonable feature request, but it's not going to be high priority.

Status: Accepted
Labels: -Type-Defect -Priority-Medium Type-Enhancement Priority-Low

destijl commented 9 years ago

We're going to close this one. There's no good way to log out with the default digest auth scheme. In real-world deployments we expect people to integrate with their own SSO, which will need its own logout mechanism.
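An added illustration of the point made in the comments above; it is not GRR's code and not part of the original thread. It sketches an RFC 2617 digest check (qop=auth) to show that the server validates each request from the `Authorization` header and a stored hash alone, so there is no session record a logout button could delete. The function names are hypothetical, the sample values are the worked example from RFC 2617 section 3.5, and nonce tracking is left out as a simplifying assumption.

```python
import hashlib
import hmac
import re

def _md5(*parts):
    # RFC 2617 hashes colon-joined fields with MD5.
    return hashlib.md5(":".join(parts).encode()).hexdigest()

def browser_header(user, realm, password, method, uri, nonce, nc, cnonce):
    """What a browser recomputes from its cached credentials on every request."""
    ha1 = _md5(user, realm, password)
    response = _md5(ha1, nonce, nc, cnonce, "auth", _md5(method, uri))
    return (f'Digest username="{user}", realm="{realm}", nonce="{nonce}", '
            f'uri="{uri}", qop=auth, nc={nc}, cnonce="{cnonce}", '
            f'response="{response}"')

def parse_digest(header):
    """Split 'Digest k="v", k=v, ...' into a dict of parameters."""
    scheme, _, params = header.partition(" ")
    if scheme.lower() != "digest":
        raise ValueError("not a Digest Authorization header")
    pairs = re.findall(r'(\w+)=(?:"([^"]*)"|([^,\s]+))', params)
    return {key: quoted or bare for key, quoted, bare in pairs}

def server_verify(method, header, ha1_by_user):
    """Stateless check: only the header and the stored HA1 are consulted."""
    try:
        p = parse_digest(header)
        ha1 = ha1_by_user[p["username"]]
        expected = _md5(ha1, p["nonce"], p["nc"], p["cnonce"], p["qop"],
                        _md5(method, p["uri"]))
        return hmac.compare_digest(expected, p["response"])
    except (KeyError, ValueError):
        return False

# Sample values: the worked example from RFC 2617 section 3.5.
USER, REALM, PASSWORD = "Mufasa", "testrealm@host.com", "Circle Of Life"
NONCE, CNONCE, URI = "dcd98b7102dd2f0e8b11d0f600bfb0c093", "0a4f113b", "/dir/index.html"
HA1_BY_USER = {USER: _md5(USER, REALM, PASSWORD)}  # all the server stores

def demo():
    """Two requests in a row, each accepted with no cookie or session lookup."""
    headers = [browser_header(USER, REALM, PASSWORD, "GET", URI, NONCE, nc, CNONCE)
               for nc in ("00000001", "00000002")]
    return [server_verify("GET", h, HA1_BY_USER) for h in headers]

if __name__ == "__main__":
    print(demo())
```

Both requests verify because the browser keeps re-deriving the response from the password it has cached, which is why the thread ends up pointing at closing the browser or at an SSO front end for logout.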