[MAGNOLIA-87] logout button would be nice ... Created: 31/Aug/04  Updated: 20/Feb/15  Resolved: 29/May/06

Status: Closed
Project: Magnolia
Component/s: admininterface
Affects Version/s: 2.1 Final
Fix Version/s: 3.0 RC1

Type: New Feature Priority: Trivial
Reporter: Boris Kraft Assignee: Fabrizio Giustina
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Template:
Acceptance criteria:
Empty
Date of First Response:

 Description   

so users do not need to quit browser to end their sessions.



 Comments   
Comment by Sameer Charles [ 03/Sep/04 ]

add a button in GUI - call sessionControl.invalidate() , test on all browsers.

Comment by Mark [ 28/Oct/04 ]

Please add Log out button

Comment by Boris Kraft [ 28/Oct/04 ]

Can you add the button in the GUI as Sameer has suggested?

Comment by Caecilia Schindler [ 04/Nov/04 ]

another approach would be an automatic session timeout after, lets say, 1h per default.

What does everyone think about it? and how do these sessions work?

Comment by Markus Strickler [ 30/Sep/05 ]

Hm, invalidating the session is not enough.
As long as you are using HTTP BASIC Autth the only way to logout is to send a 401header back to the client. This will prompt the user with an new login dialog that then can be cancelled (or used to log in a different user).

Comment by Felipe Pinto [ 01/Oct/05 ]

Usually, the right way to do this is using the form based authentication.

So the session.invalidade() works.

Until end of this month I will allocate some time into this issue

Comment by Sameer Charles [ 06/Oct/05 ]

Currently magnolia is only interested in authorization headers, does not matter from where its coming from, either you pass it
in a URL or browser Based Authentication or from some application, When we move to form based authentication
we have to make sure that we keep this and dont break other applications which depends on request headers to authorize against magnolia.

Philipp are you gonna work on this? or someone else interested in doing this

Comment by Philipp Bracher [ 07/Oct/05 ]

we move to form base authentication

  • applications are still able to use basic authentication
  • one can pass username and password to the request (direct login)
  • the login form will redirect to the original requested url after a seccessfull login
Comment by Sameer Charles [ 10/Feb/06 ]

implemented for based login,
Philipp could you please add logout in admin central!

Comment by Fabrizio Giustina [ 29/May/06 ]

added logout button, logout handler is implemented as a page to avoid additional mappings in web.xml or additional jsp pages.

Generated at Mon Feb 12 03:13:58 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.