I just plugged RESTful authentication into my application (following the
outline given in Ryan Bate’s railscast). As I was doing so, I was
through the code. (I know, what a concept! :-)) I noticed that the
AuthenticatedSystem#access_denied method redirects to
#request_http_basic_authentication for anything other than .html
Being a naturally curious kind of fellow, I logged out of my application
plugged in http://localhost:3000/documents.xml to see what would happen.
Sure enough, the standard web login/password screen popped up on my
(Firefox 3.0.5). After providing my username and password, I got to see
XML representation of my data. So then I when I went back to
http://localhost:3000/documents, I was able to see the documents in my
database, having used HTTP authentication to log in.
Well, that was kinda cool… I guess.
Then I tried to log out.
And I tried again.
I could no longer log out of my application. Nothing I tried worked. I
tried shutting down and restarting the server (Mongrel). I tried
the session secret key (restarting the server). I tried deleting the
from Firefox. I tried deleting all cookies from Firefox.
Finally, I exited Firefox, restarted the server, restarted Firefox, and
back to my “not logged in” screen.
Just in case there are other “naturally curious kinds of people” out
with more time on their hands than is really good for them, I thought I
would write this down, send it out, and see what folks say.
What do folks say?