WordPress.org

Ready to get started?Download WordPress

Forums

HTTP Authentication
[resolved] HTTP Logout (4 posts)

  1. austinbeam
    Member
    Posted 1 year ago #

    Hello,
    I'm trying to support proper logout (or as good as it gets with HTTP authentication). I've found using the https://logout@someurl.com syntax works just fine for me in the browser. The user is logged out as I would expect and a new login is required to continue. Unfortunately, using this as the logout URL in the plugin causes the '@' to be stripped (https://logoutsomeurl.com).

    I tried using proper URL encoding (%40%), but this didn't seem to work either.

    Any tips?

    Thanks.

    http://wordpress.org/extend/plugins/http-authentication/

  2. Daniel Westermann-Clark
    Member
    Plugin Author

    Posted 1 year ago #

    It sounds like you're trying to overload browser behavior that would typically initiate basic authentication.

    WordPress may be stripping the raw at sign (the plugin shouldn't do anything to it). Was the at sign correctly displayed in the plugin settings page?

    When you tried the URL-encoded version, did you try %40? Your post suggests you had an extra percent sign.

  3. austinbeam
    Member
    Posted 1 year ago #

    Sorry about the extra %, that was my mistake in the post. I used it correctly in my testing.

    To answer your first question, yes, it displays correctly in the settings page.

    None of the methods I've tried work, but truly it's not a valid mechanism for HTTP Auth logout anyway.

    Ideally, there would be a better mechanism for logging out. Do you have any suggestions? The default link puts me in a loop of this page upon "Logout" (I've removed the server name):
    Server Logout Loop

  4. Daniel Westermann-Clark
    Member
    Plugin Author

    Posted 1 year ago #

    If you there's no way to force the browser not to send the credentials (e.g., some authentication mechanisms support a separate logout mechanism) then the simplest option is to send them to a URL that doesn't ask for the credentials. Depending on your configuration this may need to be on a separate domain name.

    Hope this helps!

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic