I just plugged RESTful authentication into my application (following the
outline given in Ryan Bate’s railscast). As I was doing so, I was
reading
through the code. (I know, what a concept! :-)) I noticed that the
AuthenticatedSystem#access_denied method redirects to
#request_http_basic_authentication for anything other than .html
requests.
Being a naturally curious kind of fellow, I logged out of my application
and
plugged in http://localhost:3000/documents.xml to see what would happen.
Sure enough, the standard web login/password screen popped up on my
browser
(Firefox 3.0.5). After providing my username and password, I got to see
an
XML representation of my data. So then I when I went back to
http://localhost:3000/documents, I was able to see the documents in my
database, having used HTTP authentication to log in.
Well, that was kinda cool… I guess.
Then I tried to log out.
And I tried again.
I could no longer log out of my application. Nothing I tried worked. I
tried shutting down and restarting the server (Mongrel). I tried
changing
the session secret key (restarting the server). I tried deleting the
cookie
from Firefox. I tried deleting all cookies from Firefox.
Finally, I exited Firefox, restarted the server, restarted Firefox, and
got
back to my “not logged in” screen.
Just in case there are other “naturally curious kinds of people” out
there,
with more time on their hands than is really good for them, I thought I
would write this down, send it out, and see what folks say.
What do folks say?
–wpd