Force Browser to forget credentials and remove row from sessions table.
| Project: | Webserver authentication |
| Version: | 4.7.x-1.x-dev |
| Component: | Code |
| Category: | feature request |
| Priority: | normal |
| Assigned: | Unassigned |
| Status: | active |
Hello,
My installation is 4.7.2 with the webserver auth module functioning and I am wondering between which lines to place (webauth.module or user.module) the following code and if this should even work:
// Force the browser to forget with an unauthorized challenge response ...
// realm should match Apache directives for drupal directories..
header("WWW-Authenticate: Basic realm=\"Drupal\"");
header("HTTP/1.1 401 Unauthorized");My attempts inside user.module in the user_logout function do not work as I expect. My whole /var/www/html is protected with Apache authentication, so I would expect the Auth request pop-up when this is successful. I do not find reference to logout anywhere else in the modules.
Also, It appears that the associated row in the sessions table with the PHPSESSID does not get removed on logout either. Where is the best place I should locate the appropriate lines for this to happen when a user clicks the logout link as well?
Any help is greately appreciated. This seems useful to more than my install. Once I get this tested here and working, I would like to submit the patch.
4.7.3 user.module does not have anything helpful here in the user_logour function either.
Thanks again,
Jim