Trying to log out from Safari 3 (HTTP authentication with browser logout workaround), it does not work. I simply get redirected to the site home page, and I am still logged in. If I change my password and then try to log out, I get a login prompt, so looks like there is indeed some logging out happening, but I am logged in again. Looks like the different realm does not work in Safari 3?

Comments

Gábor Hojtsy’s picture

Gábor Hojtsy
he/him
Primary language Hungarian
Location Hungary
CreditAttribution: Gábor Hojtsy commented

BTW I see a "session closed for Gabor" and a "session opened for Gabor" watchdog notice both for the /logout page.

Junyor’s picture

Junyor CreditAttribution: Junyor commented

Interesting. That means the log out is working, but you're immediately logged back in because the credentials are re-used. So, yes, it seems like the work-around isn't working.

Darren Oh’s picture

Darren Oh
Primary language English
Location Lakeland, Florida
CreditAttribution: Darren Oh commented
Status: Active » Postponed (maintainer needs more info)

I develop on a Mac and have experienced this in the past, but I can't recall the circumstances. Safari 3 is working fine.

Darren Oh’s picture

Darren Oh
Primary language English
Location Lakeland, Florida
CreditAttribution: Darren Oh commented
Status: Postponed (maintainer needs more info) » Active

My memory has, unfortunately, been refreshed today. Safari will not allow me to log out until I quit and restart the browser.

NaX’s picture

NaX CreditAttribution: NaX commented

The problem is that the browser workaround is assuming that only 3 browsers exist in the world.

Maybe we should rather try checking for problem browsers.

I am not very good at regular expression, so this is how I would do it.

    if ($securesite_enabled == 2) {
      // fix logout on cancel in Opera and IE
      $problem_browsers = array('msie','opera');
      $browser_user_agent = strtolower( $_SERVER['HTTP_USER_AGENT'] );
      $suffix = '';
      foreach ($problem_browsers as $problem_agent) {
        if (strpos($browser_user_agent, $problem_agent) != FALSE) {
          $suffix = ' - '. mt_rand(10, 99);
          break;
        }
      }
      $realm .= $suffix;
    }

But can anybody confirm that using normal HTTP-AUTH (no workaround) works for Safari, because if it does not then this is a different problem.

Darren Oh’s picture

Darren Oh
Primary language English
Location Lakeland, Florida
CreditAttribution: Darren Oh commented

Normal HTTP-AUTH doesn't work, either.

NaX’s picture

NaX CreditAttribution: NaX commented

If Safari 3 is a requirement of your site, I suggest you use the HTML login form until a workaround is found.

All I have found on the topic so far is not very encouraging.
http://www.the-art-of-web.com/system/safari-broken-logout/

I also still think the above code is still relevant (just not for this issue) as it is cleaner and it tries to target specific browsers for the workaround. It just needs to be better tested.

Junyor’s picture

Junyor CreditAttribution: Junyor commented

It makes more sense to do it as we are now, i.e. checking for browsers we know work, rather than checking for browsers we know don't work, since we only know of one browser (Mozilla) that works. Does anyone know if Safari 2.x requires the work-around?

Junyor’s picture

Junyor CreditAttribution: Junyor commented

Safari 3.1 seems to work better when using the work-around. It won't show the password dialog when cancelling the auth dialog, but it does show the auth dialog when you log out.

Junyor’s picture

Junyor CreditAttribution: Junyor commented
Status: Active » Fixed

Fixed on the DRUPAL-5 branch using NaX's suggestion from #5. Safari still doesn't show the password dialog when cancelling the auth dialog, but that's a separate issue.

Anonymous’s picture

Anonymous (not verified) CreditAttribution: Anonymous commented
Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for two weeks with no activity.