Needs review
Project:
Secure Site
Version:
7.x-2.x-dev
Component:
Code
Priority:
Normal
Category:
Support request
Assigned:
Unassigned
Reporter:
Created:
10 Jun 2009 at 08:15 UTC
Updated:
1 Nov 2017 at 16:02 UTC
Jump to comment: Most recent, Most recent file
Comments
Comment #1
junyor commentedHTTP Authentication doesn't really have a logout mechanism. A work-around is to show the authentication dialog again. So, you're logged out when you see the dialog but by entering your credentials, you're logging back into the site. Instead of entering your credentials, just cancel the dialog and you should be all set.
Comment #2
Anonymous (not verified) commentedIf I get this right, you don't have a problem with the http-authentication, but with the login/logout machanism of drupal. I'm experiencing the same problem.
I expect the logout to work as follows:
- user clicks logout
- user is logged out from drupal
- the http-login dialog is displayed again.
- if the user enters correct credentials, he is logged in to drupal again, using the newly entered credentials
- if the http-login dialog is cancled, the user lands on the frontpage of drupal, but not logged in to the website
Comments are welcome.
Comment #3
darren ohUnless you are using Securesite only for 403 errors, forced authentication requires a user to log in before seeing anything. Some browsers are not capable of displaying anything after HTTP authentication is canceled. However, I would like to have the option of allowing browsers to display the anonymous version of a page. See my comment in issue 354219. Haven't had time to do any work on it since posting the patch there.
Comment #4
kenorb commentedTo not open another duplicate, I wanted to make sure that I'm testing it right.
My steps are:
1. I've logged as guest/guest (which is my correct pass for Secure Site).
2. I'm logged as guest (HTTP Auth), so now I'm logging-in via Drupal login form (/user). Now I'm logged in as an user.
3. I'm trying to log-out at /user/logout to be Guest again (as anonymous).
4. But then authentication pop-ups, so I'm trying to enter my guest/guest credentials, but it doesn't work anymore. If I cancel, Password reset page is shown.
Tested with Chrome on OSX.
This is the correct behaviour? I'm using 7.x
Comment #5
fuquam commentedUsing Chrome OSX as well and having the same problem. When I try logging out it brings up the log in window (secure site, not drupal). If I hit cancel or close the browser window and open the site from a new window it shows that I'm still logged in.
Comment #6
nimoatwoodwaysame problem here. not possible to logout using
- Force authentication: Always
- Allowed authentication types: HTTP basic
Logout works with using "HTML log-in form" as authentication type.
any updates on this? tried to use hook_user_logout() in own module and _drupal_session_destroy() with no luck.
Comment #7
lanny heidbreder commentedPatch attached. I think the issue was caused by the fact that
drupal_exit()commits the current session, and the$uservariable still had the logged-in user. I replaced it with the anonymous user, and now things seem fine.Comment #8
lanny heidbreder commentedBetter patch attached; I just learned about the
drupal_anonymous_user()function.