Open paulcmal opened 6 years ago
maghoff
commented
6 years ago That's a fair concern, but unfortunately an unworkable solution. Sausagewiki has no particular preference for HTTP auth, and can work with other auth schemes, see Third-party authentication providers for examples. As such, Sausagewiki will not include support for logging out of HTTP auth in particular.
paulcmal
commented
6 years ago OK. Could we maybe do something such as passing an additional HTTP header containing a link to a log out page? This way an actual log out button could be added to the UI, and the server handling the authentication would be able to handle logging out as well.
maghoff
commented
6 years ago Right, something like that could be designed.
I'll reopen this to have as a feature request.
It's really sweet to use HTTP auth (instead of ugly cookies) but we need a way to log out so as not to leave a session open unintentionally.
I was reading this which suggested to run a Javascript query in the background with wrong credentials, so that the server returns a 401 code which forces the browser to purge authentication details without prompting the user with a login dialog.