Hi all,
Sorry for the repost - I think I have the correct forum now!
I'm writing a small app that requires basic authentication in Sinatra.
I followed the advice of the official Sinatra faq
(http://www.sinatrarb.com/faq.html#auth) and have implemented this code
with success:
[code]
require 'rubygems'
require 'sinatra'

helpers do
  # Send a 401 challenge and halt the request unless valid credentials were supplied.
  def protected!
    response['WWW-Authenticate'] = %(Basic realm="Testing HTTP Auth") and \
    throw(:halt, [401, "Not authorized\n"]) and \
    return unless authorized?
  end

  # True when the request carries Basic credentials matching the hard-coded pair.
  def authorized?
    @auth ||= Rack::Auth::Basic::Request.new(request.env)
    @auth.provided? && @auth.basic? && @auth.credentials &&
      @auth.credentials == ['admin', 'admin']
  end
end

get '/' do
  "Everybody can see this page"
end

get '/protected' do
  protected!
  "Welcome, authenticated client"
end
[/code]
So I get a window asking me to enter my credentials when going to
/protected and it logs me in. Once logged in though, I would like to be
able to log out. I know the solution to this must be super easy but I
just can't get it to work.
Any help is greatly appreciated. Thanks!
-Tony
--
Posted via http://www.ruby-forum.com/.
Actually, this may be a limitation of HTTP basic authentication - there is
no way to inform the browser that you wish for its credentials cache to
expire.
I am not certain of this, but I have seen this complaint raised before. You
might want to follow this up and see if the problem is a general one, before
banging your head trying to find a Sinatra specific solution.
Richard
On Thu, Aug 6, 2009 at 4:18 AM, Tony Tony <slythic@gmail.com> wrote:
> So I get a window asking me to enter my credentials when going to
> /protected and it logs me in. Once logged in though, I would like to be
> able to log out. I know the solution to this must be super easy but I
> just can't get it to work.
Correct. HTTP Basic Authentication is done via the browser. The only real
way to 'log out' of HTTP Basic Authentication is to clear ALL of your
authenticated sessions via your browser settings. If you want an
authentication scheme that you can truly log out of, you'll have to use
something like a session-based scheme.
--
Bryan
On Thu, Aug 6, 2009 at 6:03 AM, Richard Conroy <richard.conroy@gmail.com> wrote:
On Thu, Aug 6, 2009 at 4:18 AM, Tony Tony <slythic@gmail.com> wrote:
>
>
> So I get a window asking me to enter my credentials when going to
> /protected and it logs me in. Once logged in though, I would like to be
> able to log out. I know the solution to this must be super easy but I
> just can't get it to work.
>
>
Actually, this may be a limitation of HTTP basic authentication - there is
no way to inform the browser that you wish for its credentials cache to
expire.
I am not certain of this, but I have seen this complaint raised before. You
might want to follow this up and see if the problem is a general one, before
banging your head trying to find a Sinatra specific solution.
Richard
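
The difference the replies describe, as an added example that is not part of the original thread: a stdlib-only Ruby model (no Sinatra) of one client replaying the same headers before and after a logout. The method names, the `sid` cookie name and the in-memory `SESSIONS` store are assumptions made for illustration.

```ruby
# Added example, not code from the thread. Stdlib only; all names are hypothetical.
require 'securerandom'

USERS    = { 'admin' => 'admin' }.freeze # same demo credentials as the post
SESSIONS = {}                            # server-side store: token => user

# Basic auth: the credentials ride along on every request, so the server
# keeps no per-login state that it could invalidate.
def basic_request(headers)
  scheme, encoded = headers['Authorization'].to_s.split(' ', 2)
  return 401 unless scheme == 'Basic' && encoded
  user, pass = encoded.unpack1('m').split(':', 2) # 'm' = Base64 decode
  !pass.nil? && USERS[user] == pass ? 200 : 401
end

# Session scheme: credentials are checked once, then a random token stands in.
def login(user, pass)
  return nil unless !pass.nil? && USERS[user] == pass
  SecureRandom.hex(32).tap { |token| SESSIONS[token] = user }
end

# Extract the token from a Cookie header ("sid" is an assumed cookie name).
def cookie_token(headers)
  headers['Cookie'].to_s[/(?:\A|;\s*)sid=([0-9a-f]{64})/, 1]
end

def session_request(headers)
  SESSIONS.key?(cookie_token(headers)) ? 200 : 401
end

# Logout deletes the server-side record; the client's copy becomes worthless.
def logout(headers)
  !SESSIONS.delete(cookie_token(headers)).nil?
end

# Constructed exchange: the client replays the same headers before and after logout.
def demo
  basic  = { 'Authorization' => 'Basic ' + ['admin:admin'].pack('m0') }
  cookie = { 'Cookie' => "sid=#{login('admin', 'admin')}" }
  before = [basic_request(basic), session_request(cookie)]
  logout(cookie)
  after = [basic_request(basic), session_request(cookie)]
  { before: before, after: after }
end

p demo if $PROGRAM_NAME == __FILE__
```

After the logout, the replayed `Authorization` header is still accepted while the replayed cookie is rejected, because only the session scheme has server-side state to delete.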