mod_rewrite hack to make the logout link work

[Quinn Comendant]

I found a way to make the logout link actually destroy the http auth session. (As far as I know there isn't a way to do this -- the logout link just returns to the same page unless using this hack.) It works on the premise of redirecting to a URI with a bad username/password pair such as:

https://notarealuser:nosuchp...@trac.example.com/myproject/

In this example everything under /myproject/ is protected by apache authentication.

I've implemented this with mod_rewrite as follows:

RewriteRule /([^/]+)/logout$ https://your-login-name:-@%{HTTP_HOST}/$1/goodbye [L]
RewriteRule /([^/]+)/goodbye$ https://%{HTTP_HOST}/$1/ [L]

The result is a display of the login dialog with the Name: field pre-populated with "your-login-name", otherwise unable to access anything under /myproject/

I have no idea if this will work consistently, but it does well with Safari and Firefox on a Mac.

Quinn

[Ealden Escañan]

Hi Quinn!

Thanks for the workaround.  I tried it with Firefox 3 beta 2 under Vista and it works.  Unfortunately, it doesn't work with IE7 and Opera 9.  I get a "Internet Explorer cannot display the webpage" error in IE7, while nothing happens Opera 9.

Thanks

--
Ealden Esto E. Escañan
http://ealden.net

[Alec Thomas]

Have you guys tried:

http://trac-hacks.org/wiki/TrueHttpLogoutPatch

--
Evolution: Taking care of those too stupid to take care of themselves.