Page 1 of 1

Logout capability

Posted: Fri Oct 03, 2014 10:36 am
by bryanl641
Feature request: Can you provide a logout capability in Atrium?
I know that this is an issue with Apache Basic Authentication, but I've also seen references to being able to accomplish this in javascript.
Can this be added to Atrium?
--Bryan

Re: Logout capability

Posted: Sat Oct 04, 2014 3:28 pm
by Scott Klement
There is already a logout button in Atrium. (It's the "Exit" button in the upper-right corner.)

Is that what you're looking for? Or are you looking for something different?

Also, if you do wish to place a feature request, the best way is to e-mail support@profoundlogic.com

Re: Logout capability

Posted: Mon Dec 15, 2014 12:24 pm
by David
Bryan,

As you mentioned, the problem with 'logging off' from HTTP Basic authentication is that there is no such thing. This is a limitation in the HTTP protocol and web browser design. The first time a browser is challenged for credentials in a 'session', it will present the authentication dialog box. After successful authentication, the browser will cache the credentials and automatically resend them if challenged again, for the life of the 'session'. Modern browsers merge all browser windows and tabs into 1 'session', so this means that the only way to really log off is to close ALL browser windows and tabs.

The 'JavaScript' trick you mention is a hack, what you can do is fool the browser into getting rid of the credentials by having a the HTTP server successfully 'authenticate' a set of dummy credentials which are good for only this purpose. It will then remember those, so any subsequent requests for authentication will show the dialog box again.

We have an option to make Atrium do this when you click the Log Off button, see here:

http://www.profoundlogic.com/docs/displ ... and+Logoff

This approach does have limitations as mentioned in the doc, so it's not enabled by default.