6

I am using the method below to log out from an HTTP server that uses Basic HTTP authentication. This works fine with IE and Firefox. But in the case of Chrome, I am able to get the HTML file even with the wrong user name and password.

In Chrome, the flow is: I get the "********** Failed ***********" error, then the requested page (some_server_file.html) is shown.

But in IE/Chrome, the flow is: I get the "********** Failed ***********" error, then the login dialog prompts for the credentials.

Somehow, Chrome is sending the correct user name and password even after the first request failed with the wrong credentials.

Can anyone fix the Chrome issue?

function logout() {
    // Request a protected page with deliberately wrong credentials.
    jQuery.ajax({
        type: "get",
        url: "some_server_file.html",
        async: false,
        username: "wronguser",
        password: "wrongpass",
        headers: {"Authorization": "Basic xxx"}
    })
        // jqXHR.success() was removed in jQuery 3.0; done() is the replacement.
        .done(function () {
            console.log("********** Success ***********");
        })
        .fail(function () {
            console.log("********** Failed ***********");
        });
    return false;
}

Thx

JavaUser
  • I think this might help you. It's apparently working in Chrome 54 possibly working on later versions as well. Essentially you send incorrect credentials to clear the auth cache in chrome. See http://stackoverflow.com/a/30308402/1917897 for more details. – RaviU Apr 06 '17 at 15:25

1 Answer

1

Basic Authentication wasn't designed to manage logging out.

If you want to be able to log out users, you can create an endpoint on your server that returns an HTTP 403 (Forbidden) status code. This will trigger the browser to "logout" / clear the basic authentication cache.

User clicks logout button --> 
Ajax call to /logout which will return HTTP 403 --> 
Browser basic authentication cache will be cleared
jeanfrg
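
The server side of the flow this answer describes, as an added example that is not part of the original answer: ordinary paths require valid Basic credentials and answer 401 with a challenge otherwise, while /logout always answers 403. Node.js is assumed; `USERS`, `REALM`, `decide` and `handler` are hypothetical names, and the account is constructed sample data.

```javascript
// Added example: Node.js request logic for the /logout endpoint the answer describes.
const crypto = require("crypto");

const REALM = "demo";                           // assumed realm name
const USERS = { alice: "s3cret:with:colons" };  // constructed sample account

// Parse "Basic <base64(user:pass)>"; returns null when the header is malformed.
function parseBasic(header) {
  const m = /^Basic\s+([A-Za-z0-9+\/=]+)$/i.exec(header || "");
  if (!m) return null;
  const decoded = Buffer.from(m[1], "base64").toString("utf8");
  const i = decoded.indexOf(":");               // the password may contain ':'
  if (i < 0) return null;
  return { user: decoded.slice(0, i), pass: decoded.slice(i + 1) };
}

// Compare fixed-length digests so timing does not depend on the stored secret.
function safeEqual(a, b) {
  const digest = (s) => crypto.createHash("sha256").update(s).digest();
  return crypto.timingSafeEqual(digest(a), digest(b));
}

// Decide status and headers for one request without touching the socket.
function decide(url, authHeader) {
  if (url === "/logout") {
    // The answer's approach: refuse with 403 whatever credentials were sent.
    return { status: 403, headers: { "Cache-Control": "no-store" } };
  }
  const cred = parseBasic(authHeader) || { user: "", pass: "" };
  const known = Object.prototype.hasOwnProperty.call(USERS, cred.user);
  // Always run the comparison so unknown users take the same code path.
  const ok = safeEqual(cred.pass, known ? USERS[cred.user] : "") && known;
  if (!ok) {
    return { status: 401, headers: { "WWW-Authenticate": `Basic realm="${REALM}"` } };
  }
  return { status: 200, headers: { "Content-Type": "text/html" } };
}

// Plug into a server with: require("http").createServer(handler).listen(port)
function handler(req, res) {
  const d = decide(req.url, req.headers.authorization);
  res.writeHead(d.status, d.headers);
  res.end(d.status === 200 ? "<p>protected page</p>" : "");
}
```

The example only shows what the server returns; how a given browser treats its cached Basic credentials after the 403 is browser behaviour and is not covered here.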