How to logout when using Rake::Auth::Basic in Sinatra

Hi all,

Sorry for the repost - I think I have the correct forum now!

I’m writting a small app that requires basic authentication in Sinatra.
I followed the advice of the official Sinatra faq
(http://www.sinatrarb.com/faq.html#auth) and have implemented this code
with success:

require 'rubygems'
require 'sinatra'

helpers do

  def protected!
    response['WWW-Authenticate'] = %(Basic realm="Testing HTTP Auth")
and \
    throw(:halt, [401, "Not authorized\n"]) and \
    return unless authorized?
  end

  def authorized?
    @auth ||=  Rack::Auth::Basic::Request.new(request.env)
    @auth.provided? && @auth.basic? && @auth.credentials &&
@auth.credentials == ['admin', 'admin']
  end

end

get '/' do
  "Everybody can see this page"
end

get '/protected' do
  protected!
  "Welcome, authenticated client"
end

So I get a window asking me to ender my credentials when going to
/protected and it logs me in. Once logged in though, I would like to be
able to log out. I know the solution to this must be super easy but I
just can’t get it to work.

Any help is greatly appreciated. Thanks!

-Tony

On Thu, Aug 6, 2009 at 4:18 AM, Tony T. [email protected] wrote:

So I get a window asking me to ender my credentials when going to
/protected and it logs me in. Once logged in though, I would like to be
able to log out. I know the solution to this must be super easy but I
just can’t get it to work.

Actually, this may be a limitation of HTTP basic authentication - there
is
no way to inform the browser that you wish for its credentials cache to
expire.

I am not certain of this, but I have seen this complaint raised before.
You
might want to follow this up and see if the problem is a general one,
before
banging your head trying to find a Sinatra specific solution.

Richard

Correct. HTTP Basic Authentication is done via the browser. The only
real
way to ‘log out’ of HTTP Basic Authentication is to clear ALL of your
authenticated sessions via your browser settings. If you want an
authentication scheme that you can truly log out of, you’ll have to use
something like a session-based scheme.


Bryan

This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.

| Privacy Policy | Terms of Service | Remote Ruby Jobs