与HTTP基本身份验证和restful_authentication插件注销 [英] Logout with http basic authentication and restful_authentication plugin

问题描述

我已经安装在Rails应用程序的插件restful_authentication，与一个具有destroy方法这样的sessions_controller：

I have the restful_authentication plugin installed in a rails app, with a sessions_controller that has a destroy method like this:

def destroy
  self.current_user.forget_me if logged_in?
  cookies.delete :auth_token
  reset_session
  flash[:notice] = "You have been logged out."
  redirect_back_or_default('/')
end

在应用控制器我有：

before_filter :login_required

和在sessions_controller我有：

And In the sessions_controller I have:

skip_before_filter :login_required

我的问题是，当用户使用HTTP基本身份验证进行身份验证时，他/她是不是退出。会话被破坏，但用户能够导航到没有问题的限制的页面。此问题不通过插件会话验证发生。我怎样才能让这种方法摆脱了基本authenication的？

My problem is that when a user authenticates with http basic authentication, he/she is not logged out. the session is destroyed, but the user is able to navigate to restricted pages with no problem. This problem does not occur with session authentication through the plugin. How can I make this method get rid of the basic authenication?

推荐答案

没有什么可以做服务器端为注销，在这种情况下的用户。当用户通过基本身份验证登录，浏览器中存储的身份验证信息，并通过与每个请求的HTTP标头发送的验证参数。如果用户使用基本身份验证登录，他/她将不得不关闭他/她的浏览器窗口来注销。

Nothing can be done server-side to "logout" a user in this situation. When the user logs in through basic authentication, the browser stores the authentication information, and sends the authentication parameters through the http headers with every request. if the user logs in with basic auth, he/she will have to close his/her browser window to logout.

这篇关于与HTTP基本身份验证和restful_authentication插件注销的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！