In the Django 2.2 application, user is allowed to log in "through http (Apache LDAP)" by providing username and password in the browser prompt (as shown below):
Problem is that when I logout the user using the default django logout defined in django.contrib.auth, the user is still able to access the application. In simple words, the django login and logout have no effect on the application.
I have learnt that, the only way to logout the user is by closing the browser window. But I wanted to implement the logout functionality usin django.
After a bit of googling about this issue, I found something relatable here, which shows the following method:
class HttpAuthMiddleware(object):
def process_request(self, request):
if request.path == '/accounts/logout/':
httpResponse = HttpResponse()
httpResponse.status_code = 401
httpResponse.headers['WWW-Authenticate'] = 'Basic realm="<same realm as in the http server>"'
return httpResponse
else:
# check for http headers - maybe the user is already logged in using http auth
...
This is a workaround for the logout feature. It basically checks for the request.path == '/accounts/logout/' which helps me in using the default django logout function.
I want this snippet to redirect the user back to the same login prompt that browser provides (as shown in the image above). But I'm in need of some help in completing the above code snippet and adding it to my project.
Please share anything you know about this even if it doesn't completely help me.
Thanks for any help you can offer!
