How to logout a user who is logged in using HTTP Authentication
How Do I?
I’m still using v2.x. Yes - I promise to update soon!
I have restricted access to a template using HTTP Authentication.
How do I put a link on the template to enable the user to logout?
I feel it should be very easy but have not found a way so all help would be much appreciated.
I’d prefer not to use a plugin as that only complicates the upgrade to ee3
I may not be grasping what you’re asking as it’s the end of a long day here.
Are you looking for this?
<a href="http://{path=logout}">Log Out</a>Thank you, Kurt that is exactly what I wanted and it appears to log the user out (they get the ‘You are now logged out.’ message and are diverted to another page) but they still have access to the restricted page without logging in again! They are only logged out when they close the browser.
Do you have any further suggestions?
HTTP Auth isn’t build with the ability to logout in mind. In real, it’s a mess. There are a lot of “solutions” and workarounds flowing around. You can google for it or maybe look here: http://stackoverflow.com/questions/449788/http-authentication-logout-via-php Maybe you get inspired….
Good luck, Ingo
Thanks, Ingo.
I shall hunt for inspiration!
Yep, Ingo’s correct, HTTP Auth isn’t designed for session-based access. Can I ask why you’re using that on top of user login?
Thanks for the reply.
I just want to restrict access to one template to a group.
If there is a simpler/better way I’d be glad to know of it
I used Template>Access to set permissions.
If I enable HTTP Authentication in that dialog, users have to login to view the page as intended but the logout doesn’t work (it shows a logout confirmation but the user can still view the page without logging in again).They are logged out only when they close the browser.
If I disable HTTP Authentication, then anyone can view the template without logging in.
Each template has own access control in its settings, just assign the allowed member group to the template. It should a list of member groups above the HTTP Auth settings…
Thanks, Ingo. Yes - that is exactly what I have done (see attached) all along. The problem persists.
Might I have done something silly somewhere else?
Can you turn off HTTP Auth, clear caches, and try again? Also is that an image artifact next to the “View” link? There’s something in the image that is not standard that makes me wonder if you have add-ons installed or customization that might be interfering.
Thanks again. I disabled HTTP Auth, cleared the caches and re-enabled HTTP/Auth as suggested.
Users are still not being logged out.
The thing next to the ‘View’ link in the image is, I think, a key. It disappeared when I cleared the caches.
The only add-on that I think could be affecting things is the Member Management Module. It seems an unlikely culprit
Thanks again. I disabled HTTP Auth, cleared the caches and re-enabled HTTP/Auth as suggested.
We are suggesting that you do not enable HTTP Auth. It is not the type of access requirement you are looking for. You want regular access control by member group only.
You misunderstood something. You should leave HTTP Auth OFF. Turning HTTP Auth on adds a second Auth method. If you have HTTP Auth off, only the selected member group can view the template ( page ) if logged in. If you turn HTTP Auth on, only the selected member group can view the template, but have also provide user / password again. Got it? Hope this helps, Ingo