Question
· Nov 5, 2016

How to log out from a web application?

Hello!

The question I have today is the following. Suppose I have this simple class describing the REST application:

Class Playground.Rest Extends %CSP.REST
{

XData UrlMap
{
<Routes>
   <Route Url="/index" Method="GET" Call="Index"/>
   <Route Url="/logout" Method="GET" Call="Logout"/>
</Routes>
}

ClassMethod Index() As %Status
{
    write "You're logged in as " _ $Username
    quit $$$OK
}

ClassMethod Logout() As %Status
{
    write "Bye, " _ $Username _ "!"
    do %session.Logout(1)
    quit $$$OK
}

}

 

And a web application itself with the password protection option enabled:

When I come to the /playground/index page at first, Caché meets me with an authentication window, asking me to enter my username and password. The next time I come to this page, it gently outputs the "You're logged in as _SYSTEM" message, as expected.

Talking about the /playground/logout page, I expect it to log me out and allow me to enter the web application as a different user. But this doesn't happen. Furthermore, I am wondering why clearing the browser's cache doesn't log me out either.

So is there a way to log me out from a Caché web application, and what am I missing here? (related discussion on GitHub)

Cache 2017.2 for Windows (x64) as well as other versions, local installation, minimal security

Thank you!


I am using curl with basic auth, and this seems to work for me:

curl -v -u _SYSTEM:<password> http://localhost:<port>/playground/index


Every request results in a new session. The same goes for the logout request.

I assume that the client browser retains the first HTTP basic-auth credentials and reuses them for the second (logout) request as well.

If I skip the basic auth in the curl request for the logout, I will get 401 Unauthorized, which is expected.

HTH,
Bernd

Thanks to Bernd, I finally found that this is not unexpected behavior of Caché sessions; the reason is the browser's basic authentication cache.

To clear the browser's cache, here is one "dirty" solution: stackoverflow (and probably the only solution). The JavaScript function sends an authentication request with the wrong login/password to the server, which results in a 401 Unauthorized error. This forces the browser to clear its cache.
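
Why the server-side logout appears to do nothing, as an added example that is not part of the original thread: a small JavaScript model (runs under Node.js) of a server with sessions and a browser that caches Basic credentials. The accounts, passwords, session ids and the rule that the browser drops its cached credentials after a 401 are assumptions made for this model; it is not Caché or browser code.

```javascript
// Constructed model: accounts, passwords and session ids are sample values.
const USERS = new Map([["_SYSTEM", "sample-pw"], ["alice", "wonderland"]]);
const basic = (u, p) => "Basic " + Buffer.from(`${u}:${p}`).toString("base64");

function makeServer() {
  const sessions = new Map();                 // session id -> user name
  let nextId = 0;
  return function handle({ path, authorization, cookie }) {
    let user = sessions.get(cookie);
    if (!user && authorization) {             // no live session: fall back to the Basic header
      const text = Buffer.from(authorization.slice(6), "base64").toString();
      const sep = text.indexOf(":");
      const name = text.slice(0, sep), pass = text.slice(sep + 1);
      if (USERS.get(name) === pass) {
        user = name;
        cookie = "s" + ++nextId;
        sessions.set(cookie, user);
      }
    }
    if (!user) return { status: 401, body: "Unauthorized" };
    if (path === "/logout") {
      sessions.delete(cookie);                // all that a server-side logout can reach
      return { status: 200, body: `Bye, ${user}!` };
    }
    return { status: 200, cookie, body: `You're logged in as ${user}` };
  };
}

// Assumed browser behaviour: credentials that worked are replayed on every
// request to the origin and dropped when a request carrying them gets a 401.
function makeBrowser(server) {
  let cached = null, cookie = null;
  return function request(path, creds) {
    const authorization = creds ? basic(creds.user, creds.pass) : cached;
    const res = server({ path, authorization, cookie });
    cookie = res.cookie || null;
    if (authorization) cached = res.status === 401 ? null : authorization;
    return res;
  };
}

function demo() {
  const browser = makeBrowser(makeServer());
  const run = (path, creds) => { const r = browser(path, creds); return `${r.status} ${r.body}`; };
  return [
    run("/index", { user: "_SYSTEM", pass: "sample-pw" }),  // user answers the prompt
    run("/logout"),                                          // session ended on the server
    run("/index"),                                           // cached header signs in again
    run("/logout"),
    run("/index", { user: "logout", pass: "invalid" }),      // workaround: deliberate 401
    run("/index"),                                           // nothing cached: challenged again
    run("/index", { user: "alice", pass: "wonderland" }),    // a different user can sign in
  ];
}
```

Calling `demo()` returns the status and body of each step. The third entry shows the replayed header creating a fresh authenticated session right after the logout.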