http.server.BaseHTTPRequestHandler basic auth logout? Django authentication system for REST interface?
Chris Angelico
rosuav at gmail.com
Sat Jun 7 04:38:49 EDT 2014
On Sat, Jun 7, 2014 at 4:23 PM, dieter <dieter at handshake.de> wrote:
> Dan Stromberg <drsalists at gmail.com> writes:
>
>> I have some code for a web server. Right now, it uses
>> BaseHTTPRequestHandler with Basic Auth, but we want to be able to log
>> out, and there doesn't appear to be a general way to log out of
>> something using Basic Auth, short of turning to unportable JavaScript.
>
> You can't: With "Basic Auth", the login is handled by the browser
> (and not the server). This implies, that you must tell the browser
> to logout (and not the server). There is no "standard way" to
> tell the browser to logout.
That said, though, it's quite common for browsers to discard the auth
(thus effectively logging out) if given another 401 Unauthorized
response. So you can generally send that back and expect it to be a
"logout" page.
ChrisA
More information about the Python-list
mailing list