0

I have the following test snippet:

def check(username, password):
    if username == "b" and password == "password":
        return True
    return False

@route('/logout')
@route('/logout', method="POST")
def logout():
# template with a logout button
# this does redirect successfully, but this shouldn't happen 
    redirect('/after-login')


@route('/after-login')
@auth_basic(check)
def after_login():
    return "hello"

@route('/login')
@route('/login', method="POST")
def login():
    return template("views/login/login_page")
    username = post_get('username')
    password = post_get('password')

I'm attempting to log out of the system, but I haven't been able to find any resources on how to do this. Basically, I tried dir(response) and dir(request) and haven't found any functions that appears to set the session off (mostly attempting to reset cookies), unless I close the browser.

dizzystar
  • 1,055
  • 12
  • 22

2 Answers2

0

Issued the same problem. Well, The decision I found in docs and used is response.delete_cookie('<cookiename>') So every time I enter the page with setting any cookies, first I delete all possibble to change cookies.

Amphyby
  • 73
  • 1
  • 11
  • Won't work in this case. The OP's code uses Basic Auth, not cookies. – ron rothman May 10 '16 at 17:29
  • anyway it doesn't worked for me as described. Every time i deleted all the cookies this way all set_cookie wasn't working any longer in every metod for particular routes. So the only thing worked was deleting all the cookies that wasn't re-set – Amphyby May 11 '16 at 12:49
0

You want to log out of HTTP Basic Auth, which is not really what it was designed for. But there does seem to be a way: return an HTTP 401.

from bottle import abort

@route('/logout', method=["GET", "POST"])
def logout():
    abort(401, "You're no longer logged in")

Does this work?

Community
  • 1
  • 1
ron rothman
  • 17,348
  • 7
  • 41
  • 43