There should be a way to log out from the administration console.
More info:
If the session times out I will login automatically again, either because SSO is used or in the case of basic authentication, the credentials are cached in the browser. The only way to log out is to close the browser so cached credentials are lost.
Tips for possible solution (hacks):
- We could trigger the browser to close itself when clicking log out (i'm not 100% sure this helps, we need to confirm this first)
- Ask I to close the browser.
- I should not be allowed to login again if it has logged out once before, even if the right credentials are submitted. We need to set a session cookie or something to store this information. (possibly combined with the first item in this list)
- Try to clear the cache by returning 403/401 HTTP response or forcing a login without a password. Not sure if this works OK.
More tips on http://stackoverflow.com/questions/4163122/http-basic-authentication-log-out
Implemented in | 7.5 |