Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
I have enabled the secure site module inorder to password protect my test site. I want only the site is accessed by myself and is also not accessible to search engines.
I have made the following settings -
Force authentication: Always
Allowed authentication types: HTTP basic
HTML log-in form
Now, When I click on log-out link, Authentication required box pops up and so I fill in the username and password again but this does not make any change. I am still on the same page. I am not able to logout.
Where am I going wrong??
Comment | File | Size | Author |
---|---|---|---|
#8 | securesite-cannot-log-out-better-487246-8.patch | 418 bytes | Lanny Heidbreder |
Comments
Comment #1
Junyor CreditAttribution: Junyor commentedHTTP Authentication doesn't really have a logout mechanism. A work-around is to show the authentication dialog again. So, you're logged out when you see the dialog but by entering your credentials, you're logging back into the site. Instead of entering your credentials, just cancel the dialog and you should be all set.
Comment #2
Anonymous (not verified) CreditAttribution: Anonymous commentedIf I get this right, you don't have a problem with the http-authentication, but with the login/logout machanism of drupal. I'm experiencing the same problem.
I expect the logout to work as follows:
- user clicks logout
- user is logged out from drupal
- the http-login dialog is displayed again.
- if the user enters correct credentials, he is logged in to drupal again, using the newly entered credentials
- if the http-login dialog is cancled, the user lands on the frontpage of drupal, but not logged in to the website
Comments are welcome.
Comment #3
Darren OhUnless you are using Securesite only for 403 errors, forced authentication requires a user to log in before seeing anything. Some browsers are not capable of displaying anything after HTTP authentication is canceled. However, I would like to have the option of allowing browsers to display the anonymous version of a page. See my comment in issue 354219. Haven't had time to do any work on it since posting the patch there.
Comment #4
kenorb CreditAttribution: kenorb commentedTo not open another duplicate, I wanted to make sure that I'm testing it right.
My steps are:
1. I've logged as guest/guest (which is my correct pass for Secure Site).
2. I'm logged as guest (HTTP Auth), so now I'm logging-in via Drupal login form (/user). Now I'm logged in as an user.
3. I'm trying to log-out at /user/logout to be Guest again (as anonymous).
4. But then authentication pop-ups, so I'm trying to enter my guest/guest credentials, but it doesn't work anymore. If I cancel, Password reset page is shown.
Tested with Chrome on OSX.
This is the correct behaviour? I'm using 7.x
Comment #5
fuquam CreditAttribution: fuquam commentedUsing Chrome OSX as well and having the same problem. When I try logging out it brings up the log in window (secure site, not drupal). If I hit cancel or close the browser window and open the site from a new window it shows that I'm still logged in.
Comment #6
nimoatwoodwaysame problem here. not possible to logout using
- Force authentication: Always
- Allowed authentication types: HTTP basic
Logout works with using "HTML log-in form" as authentication type.
any updates on this? tried to use hook_user_logout() in own module and _drupal_session_destroy() with no luck.
Comment #7
Lanny Heidbreder CreditAttribution: Lanny Heidbreder at Stone Ward commentedPatch attached. I think the issue was caused by the fact that
drupal_exit()
commits the current session, and the$user
variable still had the logged-in user. I replaced it with the anonymous user, and now things seem fine.Comment #8
Lanny Heidbreder CreditAttribution: Lanny Heidbreder at Stone Ward commentedBetter patch attached; I just learned about the
drupal_anonymous_user()
function.