Closed Bug 157762 Opened 23 years ago Closed 23 years ago

Need to provide way to expire cached credentials (log out)

Categories

(Core :: Security, defect)

Product:
Core
Component:
Security
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
VERIFIED DUPLICATE of bug 55181

People

(Reporter: rfeese, Assigned: security-bugs)

Details

From Bugzilla Helper: User-Agent: Mozilla/5.0 (Windows; U; WinNT4.0; en-US; rv:1.1a) Gecko/20020611 BuildID: 2002061104 There is no way to log out when using basic authentication. There should be a way to force the browser to "forget" the credentials (username, password) for a given realm without resorting to closing the browser completely. As far as I know, no browser provides this capability yet, but it is a necessary feature that has been ignored for a long time. From RFC 2616: "In particular, user agents which cache credentials are encouraged to provide a readily accessible mechanism for discarding cached credentials under user control." Reproducible: Always Steps to Reproduce: 1.Log in to a website that uses basic or digest http authentication 2.Try to log out 3.Realize that the only way to log out is to close all your browser windows. Actual Results: I had to wait several seconds while my browser re-started and then browse to where I left off (probably had several tabs/windows open). Expected Results: Mozilla should provide a dialog for logging out of auth realms. This could be under the tools menu. It also seems like there should be some indicator that you are logged into a realm (other than the fact that you are able to access the pages). Normally, I wouldn't recommend using basic http-auth because the username and password are sent in plain text. However, it works quite nicely with HTTPS, but we still need a way to make the browser "forget" the credentials so that we can log out without having to close the browser windows. Cookie based user sessions were invented because of this very problem and it would be nice to finally have a good solution (cookies are not the best solution). Granted, more work on the server side and with the protocol itself are needed, but this would be a step in the right direction.
*** This bug has been marked as a duplicate of 55181 ***
Status: UNCONFIRMED → RESOLVED
Closed: 23 years ago
Resolution: --- → DUPLICATE
vrfy dup
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.