How to logout when using Rake::Auth::Basic in Sinatra

T

Tony Tony

Hi all,

Sorry for the repost - I think I have the correct forum now!

I'm writting a small app that requires basic authentication in Sinatra.
I followed the advice of the official Sinatra faq
(http://www.sinatrarb.com/faq.html#auth) and have implemented this code
with success:

Code:
require 'rubygems'
require 'sinatra'

helpers do

def protected!
response['WWW-Authenticate'] = %(Basic realm="Testing HTTP Auth")
and \
throw(:halt, [401, "Not authorized\n"]) and \
return unless authorized?
end

def authorized?
@auth ||=  Rack::Auth::Basic::Request.new(request.env)
@auth.provided? && @auth.basic? && @auth.credentials &&
@auth.credentials == ['admin', 'admin']
end

end

get '/' do
"Everybody can see this page"
end

get '/protected' do
protected!
"Welcome, authenticated client"
end

So I get a window asking me to ender my credentials when going to
/protected and it logs me in. Once logged in though, I would like to be
able to log out. I know the solution to this must be super easy but I
just can't get it to work.

Any help is greatly appreciated. Thanks!


-Tony
 
R

Richard Conroy

[Note: parts of this message were removed to make it a legal post.]

So I get a window asking me to ender my credentials when going to
/protected and it logs me in. Once logged in though, I would like to be
able to log out. I know the solution to this must be super easy but I
just can't get it to work.
Actually, this may be a limitation of HTTP basic authentication - there is
no way to inform the browser that you wish for its credentials cache to
expire.

I am not certain of this, but I have seen this complaint raised before. You
might want to follow this up and see if the problem is a general one, before
banging your head trying to find a Sinatra specific solution.

Richard
 
B

Bryan Richardson

[Note: parts of this message were removed to make it a legal post.]

Correct. HTTP Basic Authentication is done via the browser. The only real
way to 'log out' of HTTP Basic Authentication is to clear ALL of your
authenticated sessions via your browser settings. If you want an
authentication scheme that you can truly log out of, you'll have to use
something like a session-based scheme.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

No members online now.

Forum statistics

Threads
473,744
Messages
2,569,484
Members
44,904
Latest member
HealthyVisionsCBDPrice

Latest Threads

Top