Logout from HTTP auth using Apache
Since there is no mechanism defined to log the user out of a HTTP authenticated session you have to use a workaround. Most browsers forget their login data once they received a 403 response. The problem is, that the user have to return to the normal starting page manually.
Update 2017-02-22: It seems that this technique doesn't work anymore in recent Firefox and Chrome browsers.
The following code, which can be embedded into an Apache VHost declaration, uses a cookie to send a 403 response to the browser the first time he requests "/logout", and redirects it to "/" on the second time. So the user can immediately login again if he want to.
Please note that the order of the declarations does matter! The Location-Block must be the last block which requires a user or group.
RewriteCond %{HTTP_COOKIE} ^.*logout=1.*$ RewriteRule ^/logout$ / [R,L,co=logout:0:%{HTTP_HOST}:0:/logout] RewriteRule ^/logout$ - [R,L,co=logout:1:%{HTTP_HOST}:0:/logout] <Location /logout> Require user nonexistinguser </Location>
Comments
Sven (not verified)
9. April 2013 - 22:36
Permalink
Hi,
Hi,
Having trouble understanding this line:
"Invalid command '<Location', perhaps misspelled or defined by a module not included in the server configuration"
I have followed your instructions and enabled rewrite module. Could you please intruct me on where I´m doing wrong,
Regards Sven
Roland
10. April 2013 - 10:11
Permalink
Hi Sven,
Hi Sven,
before a few seconds, there was an error in the escaping routine, so just to clarify: did you wrote '<Location' or '<Location'? The last one should work. If not, can you give me the complete configuration of the vhost (please use mail for this)?
Regards
Roland
LaFong (not verified)
21. February 2017 - 22:22
Permalink
I tried this, but it doesn't
I tried this, but it doesn't work for me. It stops at the 403 error. After canceling login, I can click the back arrow to get to the regular path, and the login dialog will work. I am trying to use it with Nagvis. Another user was successful with the ^/nagvis path. I am using a path like so, /xxx/nagvis/logout. Tried several RewriteRule variations, no help.
Roland
22. February 2017 - 9:29
Permalink
@LaFong: Actually this doesn
@LaFong: Actually this doesn't seem to work anymore in recent Chrome and Firefox browsers. I'll add a notice to the post.