Closed kenkyee closed 8 years ago
It doesn't logout because it uses basic auth, and basic auth does not have a logout. the browser remembers and sends the headers and so logging out a server-side session does nothing.
A more realistic auth handler (JDBC, OAUTH, JWT) would work fine.
There is a hack, but I agree using JWT or OAuth would be the right way to do it :-) http://tuhrig.de/basic-auth-log-out-with-javascript/
To reproduce: