Logout-action fails when logged in through basic http authentication.
Reported by Emuen | June 12th, 2009 @ 12:11 PM
Hi.
I have a stage server that is password protected via basic HTTP authentication. The password and username for the .htaccess protection are the same as for the restful-authentication. I'm not sure if the problem arises from the passwords and usernames being the same, or from the restful-authentication simply not logging out the user when logged in through basic HTTP authentication.
Comments and changes to this ticket
-
dondarone August 2nd, 2009 @ 09:10 AM
- Assigned user cleared.
I can confirm this issue.
Using request_http_basic_authentication as the default response by overwriting access_denied, I cannot log out anymore. After reverting that change, it works again.
This was in a test environment on mongrel without any .htaccess authentication.
-
Satya August 31st, 2010 @ 09:48 AM
One way to fix this is to disable "basic http authentication" completely.
But we needed this for good user experience during Ajax actions, so we enabled this authentication only for Ajax actions:

    def login_from_basic_auth
      # Added line: only honor HTTP Basic credentials on Ajax (XHR) requests
      return false unless request.xhr?
      authenticate_with_http_basic do |login, password|
        self.current_user = User.authenticate(login, password)
      end
    end
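Added example, not part of the ticket or the plugin's own code: a stand-alone Ruby model of why logout does not stick when the browser keeps resending its cached `Authorization: Basic` header, and how the XHR-only guard changes the outcome. The `Request` struct, the `USERS` table, the `xhr_only` switch and the session-then-Basic lookup order are simplifying assumptions made for this illustration.

```ruby
require "base64"

# Constructed sample account; stands in for User.authenticate in the plugin.
USERS = { "alice" => "s3cret" }.freeze

# Simplified stand-in for a Rails request: headers plus a server-side session.
Request = Struct.new(:headers, :session) do
  def xhr?
    headers["X-Requested-With"] == "XMLHttpRequest"
  end

  # Decode "Authorization: Basic base64(login:password)", or nil if absent.
  def basic_credentials
    scheme, token = headers["Authorization"].to_s.split(" ", 2)
    return nil unless scheme == "Basic" && token
    Base64.decode64(token).split(":", 2)
  end
end

def authenticate(login, password)
  USERS.key?(login) && USERS[login] == password ? login : nil
end

# Assumed lookup order: session first, then HTTP Basic. With xhr_only set, the
# Basic fallback is skipped for ordinary page loads, as in the fix above.
def current_user(request, xhr_only:)
  return request.session[:user] if request.session[:user]
  return nil if xhr_only && !request.xhr?
  login, password = request.basic_credentials
  login && authenticate(login, password)
end

# Logout clears the session, but the browser still sends its cached
# Authorization header on the very next request.
def user_after_logout(headers, xhr_only:)
  session = { user: "alice" }
  session.clear # what the logout action does
  current_user(Request.new(headers, session), xhr_only: xhr_only)
end

BASIC = { "Authorization" => "Basic " + Base64.strict_encode64("alice:s3cret") }.freeze
AJAX  = BASIC.merge("X-Requested-With" => "XMLHttpRequest").freeze

puts user_after_logout(BASIC, xhr_only: false).inspect # still logged in
puts user_after_logout(BASIC, xhr_only: true).inspect  # logged out
puts user_after_logout(AJAX,  xhr_only: true).inspect  # Ajax still authenticates
```

With the guard in place, an Ajax request carrying the same header is still authenticated, so the logged-out state only holds for ordinary page loads.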
Restful Authentication Generator
This widely-used plugin provides a foundation for securely managing user
authentication:
* Login / logout
* Secure password handling
* Account activation by validating email
* Account approval / disabling by admin
* Rudimentary hooks for authorization and access control.
http://github.com/technoweenie/restful-authentication/tree