Open
Bug 708132
Opened 13 years ago
Updated 4 months ago
Implement UI to log out of HTTP Auth session
Categories
(Toolkit :: Password Manager, enhancement, P3)
Toolkit
Password Manager
Tracking
()
NEW
People
(Reporter: jp.arvela, Unassigned, NeedInfo)
References
(Depends on 1 open bug)
Details
(Whiteboard: [passwords:http-auth])
When logging in on a website that relies on HTTP Auth, the only way to log out is if the website has provided some way to do so in a link or by restarting the browser. Sometimes none of these options are feasible (for example, in a situation in which the user is multitasking on the browser and can't pause some operation). Having in mind that a overhaul to the HTTP Auth UI is being done in bug 411085 and bug 567804, I think it'd be beneficial to implement this.
|
||
Comment 1•13 years ago
|
||
And why is ctrl+shift+del/[x]active logins not good enough ?
|
Reporter | |
Comment 2•13 years ago
|
||
(In reply to Matthias Versen (Matti) from comment #1) > And why is ctrl+shift+del/[x]active logins not good enough ? For the same reason that closing the browser might not be a good enough option. If you logged in to something else you can't (or really shouldn't) log out of after logging in to that website using HTTP Auth, you have no ways to log out if no logout link is provided. Furthermore, it isn't easily discoverable or easy to associate the Clean Recent History dialog with logging out of a website. Nonetheless, having in mind HTTP Auth might probably get implemented in the form of doorhanger notifications, it fits the interface to have the icon in the urlbar kept permanent during the session and another doorhanger with a logout button being available upon click. At least that is my point of view.
|
|
Reporter | |
Comment 3•13 years ago
|
||
(In reply to José Pedro Arvela from comment #2) > If you logged in to something else you can't (or really shouldn't) > log out of after logging in to that website using HTTP Auth, you have no > ways to log out if no logout link is provided. I meant, no ways to log out of the HTTP Auth session without unintentionally logging out of the other session in the process.
|
|
||
Comment 4•13 years ago
|
||
Logging out needs additional UI and such a feature is usually never needed by most users. An addon is better in such cases and there is already one : https://addons.mozilla.org/en-US/firefox/addon/http-logout/
|
|
Reporter | |
Comment 5•13 years ago
|
||
(In reply to Matthias Versen (Matti) from comment #4) > Logging out needs additional UI and such a feature is usually never needed > by most users. I disagree that an UI to easily log out of a website is a feature never needed by most users. Just because the technology is not commonly used in day-to-day browsing, it doesn't mean the feature is unnecessary. From being able to switch accounts on a website to preform different roles to just being privacy concerned, logging out is a fundamental component that should be easily made available for users. The fact HTTP_Auth is used up to a certain scale on the Internet should be enough to make logging out through it essential to implement. > An addon is better in such cases and there is already one : > https://addons.mozilla.org/en-US/firefox/addon/http-logout/ While an addon might be useful for such situations (and yet, this specific addon still poses the same drawback of not being able to log out of specific websites individually), it is only natural that a browser that provides an interface for logging in also allows the ability to undo such, and, as I said in my first comment, as an overhaul is being done to the UI anyway, it simply makes sense to include such thing when that overhaul happens. Furthermore, even Mozilla's own mockups of a possible revamp of the Account Manager ( https://wiki.mozilla.org/Labs/Weave/Identity/Account_Manager ) include an option to logout: https://wiki.mozilla.org/images/4/4c/IdentityInTheBrowser.png https://wiki.mozilla.org/images/d/de/IdentityInTheBrowser2.png This is a clear indicator that Mozilla is interested in making this feature available to users. I also add that an HTTP_Auth revamp might be incredibly similar with the native interface that might be later implemented for BrowserID. If these share the same concept, making their interfaces similar (or perhaps even merging the interface overhaul with the BrowserID implementation) might be simply logical. At least, this bug should be kept in mind when revamping the interface of HTTP_Auth on the other above mentioned bugs (perhaps even make this bug block the others). That is my opinion.
|
||
Comment 6•12 years ago
|
||
Unsure on this, we probably should do this (we've talked about having http auth leave a little icon in the URL bar, akin to the remember-password doorhanger's icon). OTOH, HTTP auth UI is, practically, inherently bad UX and with things like BrowserID on the near horizon this might not really be worth the effort. Confirming, and reserving the right to wontfix in the future. :)
Status: UNCONFIRMED → NEW
Ever confirmed: true
|
||
Updated•8 years ago
|
Whiteboard: [passwords:http-auth]
|
|
||
Updated•5 years ago
|
Priority: -- → P3
|
||
Updated•2 years ago
|
Severity: normal → S3
|
||
Comment 7•1 year ago
|
||
I don't know if this is a duplicate of bug 260839 or if it's more useful to separate the necessary back-end functionality from the browser UI. Marking it "depends on" for now.
Depends on: 260839
|
||
Comment 8•4 months ago
|
||
UI should absolutely be a separate bug. Implementing bug 260839 won't occur until there's a decision on a UI design and commitment to do it.
|
|
||
Comment 9•4 months ago
|
||
@serg - NIing you to make a determination (or to raise it to product/etc to decide).
Flags: needinfo?(sgalich)
You need to log in
before you can comment on or make changes to this bug.
Description
•