I have IIS6 configured with Windows Authentication for a seamless sso connection to drupal. When I acces the site from outside my domain it prompts for credentials (as it should). When logged in, there's the possibility to press the logout button.
When that happens the user is logged back in automatically since it's credentials are still available in the browsers cookies.

Is there a way around this?


kswan’s picture

What you are seeing is normal. I have submitted a patch to improve this behavior here http://drupal.org/node/22981#comment-985701. I would appreciate you testing my patch and informing me of any problems.

This patch allows the user to log out and automatically redirects to the login page.

I am not sure if your problem is actually the cookie or not, but you could try setting the session.cookie_lifetime to 0 in you settings.php file.

Paul Natsuo Kishimoto’s picture

Status: Active » Closed (fixed)

I am marking this as closed, since the discussion seems to be continued in #22981: Logout after NTLM login.