Feature Request: Logout function

Issue #86 wontfix
Former user created an issue

As of version 5.8.1 there is no clear method for logging out without closing the browser and clearing all sessions.

This seems like a fairly simple thing to add, and I may try it myself, but it would be nice to see in future versions.

  • Quixote

Comments (3)

  1. Tildeslash repo owner

    Monit uses Basic Authentication, described in RFC 2617. Once authenticated, a browser will continue to send the Authorization header with every subsequent request. Thus, the concept of logout does not exist with Basic Authentication and the only way to stop the browser from sending the information is to restart the browser.

    One way to provide logout is to implement an HTTP session store, keyed on session cookies, and use form-based authentication. This is simple if you program in PHP, Java, Ruby, etc., where HTTP sessions and cookies are handled for you. Not so simple if you have to implement this from scratch in C. We do already have C code for implementing this, but I'm not sure the work to bolt it on and the extra memory use in Monit is worth it. Security-wise, if communication is over HTTPS there is little benefit.
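A sketch of the cookie-keyed session store the comment above describes, as an added example that is not part of the original thread and is not Monit's or Tildeslash's code. All names (`session_create`, `session_find`, `session_destroy`), the table size and the 900-second idle timeout are assumptions; it expects `/dev/urandom` to be available and leaves cookie parsing and the login form to the caller.

```c
#include <stdio.h>
#include <string.h>
#include <time.h>
#define MAX_SESSIONS 16
#define TOKEN_BYTES  16   /* 128-bit random session id */
#define TOKEN_HEX    (2 * TOKEN_BYTES)
#define IDLE_TIMEOUT 900  /* seconds; assumed policy */
typedef struct { char token[TOKEN_HEX + 1]; char user[32]; time_t last_seen; int used; } session_t;
static session_t table[MAX_SESSIONS];

/* Resolve a cookie value to a live session; expired entries are wiped. */
session_t *session_find(const char *token, time_t now) {
    if (!token || strlen(token) != TOKEN_HEX) return NULL;
    for (int i = 0; i < MAX_SESSIONS; i++) {
        session_t *s = &table[i];
        unsigned char diff = 0;   /* constant-time compare of token bytes */
        for (int j = 0; j < TOKEN_HEX; j++) diff |= (unsigned char)(s->token[j] ^ token[j]);
        if (!s->used || diff) continue;
        if (now - s->last_seen > IDLE_TIMEOUT) { memset(s, 0, sizeof *s); return NULL; }
        s->last_seen = now;
        return s;
    }
    return NULL;
}

/* Login: bind a fresh token from the kernel CSPRNG to the user. NULL on failure. */
const char *session_create(const char *user, time_t now) {
    unsigned char raw[TOKEN_BYTES];
    FILE *f = fopen("/dev/urandom", "rb");
    if (!f) return NULL;
    size_t n = fread(raw, 1, sizeof raw, f);
    fclose(f);
    if (n != sizeof raw) return NULL;
    for (int i = 0; i < MAX_SESSIONS; i++) {
        session_t *s = &table[i];
        if (s->used && now - s->last_seen <= IDLE_TIMEOUT) continue;  /* slot busy */
        for (int j = 0; j < TOKEN_BYTES; j++) snprintf(s->token + 2 * j, 3, "%02x", raw[j]);
        snprintf(s->user, sizeof s->user, "%s", user);
        s->last_seen = now; s->used = 1;
        return s->token;
    }
    return NULL;   /* table full */
}

/* Logout: erase the server-side entry, so the cookie stops authenticating. */
int session_destroy(const char *token, time_t now) {
    session_t *s = session_find(token, now);
    if (s) memset(s, 0, sizeof *s);
    return s != NULL;
}
```

Unlike the Basic Authentication header, the token carries no credentials, so `session_destroy` ends the login on the server even if the browser keeps sending the old cookie.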
