Closed destijl closed 9 years ago
From darrenbilby on December 01, 2013 14:55:11
So, I'm not sure how we can resolve this sensibly.
At the moment GRR used standard browser digest authentication in the open source version. There is no cookie involved, so no way to logout without the browser clearing the cached credentials. Closing the browser will log you out.
I'm a little loathe to implement a full user cookie management setup, as it is overhead to implement and manage it. I guess we could add a logout button that pops up something saying "To logout close your browser", and if you are using an SSO system that could be replaced with a proper logout link.
I think that's a reasonable feature request, but its not going to be high priority.
Status: Accepted
Labels: -Type-Defect -Priority-Medium Type-Enhancement Priority-Low
We're going to close this one. There's no good way to logout with the default digest auth scheme. In real-world deployments we expect people to integrate with their own SSO, which will need its own logout mechanism.
From tory.cullen on November 07, 2013 17:20:59
What steps will reproduce the problem? 1. Log in to the Admin Console with one user
Original issue: http://code.google.com/p/grr/issues/detail?id=77