
HTTP BASIC Authentication logout issue with Chrome

I am using the method below to log out from an HTTP server that uses Basic HTTP authentication. This works fine with IE and Firefox. But in the case of Chrome, I am able to get the HTML file even with the wrong user name and password.

In Chrome, the flow is: I get the "********** Failed ***********" error, then the requested page (some_server_file.html) is shown.

But in IE/Chrome, the flow is: I get the "********** Failed ***********" error, then the login dialog prompts for the credentials.

Somehow, Chrome is sending the correct user name and password even after the first request failed with the wrong credentials.

Can anyone fix the Chrome issue?

function logout() {
    // Send deliberately wrong credentials so the browser's cached ones get rejected.
    jQuery.ajax({
        type: "get",
        url: "some_server_file.html",
        async: false,
        username: "wronguser",
        password: "wrongpass",
        headers: {"Authorization": "Basic xxx"}
    })
        // .done() replaces jqXHR.success(), which was removed in jQuery 3.0.
        .done(function () {
            console.log("********** Success ***********");
        })
        .fail(function () {
            console.log("********** Failed ***********");
        });
    return false;
}

Thx

asked Feb 04 '16 17:02

JavaUser


1 Answer

Basic Authentication wasn't designed to manage logging out.

If you want to be able to log out users, you can create an endpoint on your server that returns an HTTP 403 (Forbidden) status code. This will trigger the browser to "log out" / clear the basic authentication cache.

User clicks logout button --> 
Ajax call to /logout which will return HTTP 403 --> 
Browser basic authentication cache will be cleared
answered Sep 23 '22 14:09

jeanfrg
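
The flow in the answer above, as an added Node.js example that is not part of the original answer: a page protected by Basic authentication plus a /logout endpoint that never succeeds, whatever credentials the browser replays. The account, realm and function names are constructed for illustration; the 403 status is the one the answer proposes.

```javascript
// Added example: constructed account and realm, not from the original post.
const REALM = "demo";
const USER = "alice", PASS = "s3cret";   // constructed sample credentials
const LOGOUT_STATUS = 403;               // status the answer above proposes

// Compare without an early exit so timing does not reveal how much matched.
function safeEqual(a, b) {
  const x = Buffer.from(a), y = Buffer.from(b);
  let diff = x.length ^ y.length;
  for (let i = 0; i < x.length; i++) diff |= x[i] ^ y[i % (y.length || 1)];
  return diff === 0;
}

// Parse "Basic base64(user:pass)"; returns null if absent or malformed.
function parseBasic(header) {
  const m = /^Basic\s+([A-Za-z0-9+\/=]+)$/i.exec(header || "");
  if (!m) return null;
  const decoded = Buffer.from(m[1], "base64").toString("utf8");
  const i = decoded.indexOf(":");        // the password may itself contain ':'
  return i < 0 ? null : { user: decoded.slice(0, i), pass: decoded.slice(i + 1) };
}

// Pure request handler: returns { status, headers, body }.
function handle(url, headers) {
  if (url === "/logout") {
    // Rejected even when the Authorization header carries valid credentials.
    return { status: LOGOUT_STATUS, headers: { "Cache-Control": "no-store" }, body: "Logged out" };
  }
  const c = parseBasic(headers.authorization) || { user: "", pass: "" };
  const userOk = safeEqual(c.user, USER), passOk = safeEqual(c.pass, PASS);
  if (!(userOk && passOk)) {
    return { status: 401, headers: { "WWW-Authenticate": `Basic realm="${REALM}"` }, body: "Authentication required" };
  }
  return { status: 200, headers: { "Cache-Control": "no-store" }, body: "<h1>some_server_file.html</h1>" };
}

// Wire the handler into Node's built-in http server, e.g. serve(8080).
function serve(port) {
  return require("http").createServer((req, res) => {
    const r = handle(req.url, req.headers);
    res.writeHead(r.status, r.headers);
    res.end(r.body);
  }).listen(port);
}
```

To check the effect in a given browser, call /logout and then reload the protected page: the logout worked only if the login prompt reappears instead of the page.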