Logging out does not work in Safari 3
Gábor Hojtsy - February 3, 2008 - 22:38
| Project: | Secure Site |
| Version: | 5.x-1.1 |
| Component: | Code |
| Category: | bug report |
| Priority: | normal |
| Assigned: | Unassigned |
| Status: | closed |
Jump to:
Description
Trying to log out from Safari 3 (HTTP authentication with browser logout workaround), it does not work. I simply get redirected to the site home page, and I am still logged in. If I change my password and then try to log out, I get a login prompt, so looks like there is indeed some logging out happening, but I am logged in again. Looks like the different realm does not work in Safari 3?
#1
BTW I see a "session closed for Gabor" and a "session opened for Gabor" watchdog notice both for the /logout page.
#2
Interesting. That means the log out is working, but you're immediately logged back in because the credentials are re-used. So, yes, it seems like the work-around isn't working.
#3
I develop on a Mac and have experienced this in the past, but I can't recall the circumstances. Safari 3 is working fine.
#4
My memory has, unfortunately, been refreshed today. Safari will not allow me to log out until I quit and restart the browser.
#5
The problem is that the browser workaround is assuming that only 3 browsers exist in the world.
Maybe we should rather try checking for problem browsers.
I am not very good at regular expression, so this is how I would do it.
<?phpif ($securesite_enabled == 2) {
// fix logout on cancel in Opera and IE
$problem_browsers = array('msie','opera');
$browser_user_agent = strtolower( $_SERVER['HTTP_USER_AGENT'] );
$suffix = '';
foreach ($problem_browsers as $problem_agent) {
if (strpos($browser_user_agent, $problem_agent) != FALSE) {
$suffix = ' - '. mt_rand(10, 99);
break;
}
}
$realm .= $suffix;
}
?>
But can anybody confirm that using normal HTTP-AUTH (no workaround) works for Safari, because if it does not then this is a different problem.
#6
Normal HTTP-AUTH doesn't work, either.
#7
If Safari 3 is a requirement of your site, I suggest you use the HTML login form until a workaround is found.
All I have found on the topic so far is not very encouraging.
http://www.the-art-of-web.com/system/safari-broken-logout/
I also still think the above code is still relevant (just not for this issue) as it is cleaner and it tries to target specific browsers for the workaround. It just needs to be better tested.
#8
It makes more sense to do it as we are now, i.e. checking for browsers we know work, rather than checking for browsers we know don't work, since we only know of one browser (Mozilla) that works. Does anyone know if Safari 2.x requires the work-around?
#9
Safari 3.1 seems to work better when using the work-around. It won't show the password dialog when cancelling the auth dialog, but it does show the auth dialog when you log out.
#10
Fixed on the DRUPAL-5 branch using NaX's suggestion from #5. Safari still doesn't show the password dialog when cancelling the auth dialog, but that's a separate issue.
#11
Automatically closed -- issue fixed for two weeks with no activity.