Path: csiph.com!newsfeed.hal-mli.net!feeder3.hal-mli.net!news.stack.nl!newsfeed.xs4all.nl!newsfeed2a.news.xs4all.nl!xs4all!post.news.xs4all.nl!not-for-mail Return-Path: X-Original-To: python-list@python.org Delivered-To: python-list@mail.python.org X-Spam-Status: OK 0.018 X-Spam-Evidence: '*H*': 0.96; '*S*': 0.00; 'subject:Django': 0.03; 'discard': 0.07; 'dan': 0.09; 'subject:skip:a 10': 0.09; 'cc:addr :python-list': 0.11; '"standard': 0.16; 'from:addr:rosuav': 0.16; 'from:name:chris angelico': 0.16; 'out)': 0.16; 'subject: \n ': 0.16; 'sat,': 0.16; 'wrote:': 0.18; 'cc:addr:python.org': 0.22; 'browsers': 0.24; 'server.': 0.24; 'cc:2**0': 0.24; 'login': 0.25; 'logging': 0.26; 'header:In-Reply-To:1': 0.27; 'appear': 0.29; 'generally': 0.29; "doesn't": 0.30; 'said,': 0.30; 'message- id:@mail.gmail.com': 0.30; 'code': 0.31; 'page.': 0.31; 'writes:': 0.31; 'handled': 0.32; 'another': 0.32; 'quite': 0.32; 'basic': 0.35; 'common': 0.35; 'something': 0.35; 'but': 0.35; 'received:google.com': 0.35; 'there': 0.35; 'subject:?': 0.36; 'pm,': 0.38; 'short': 0.38; 'expect': 0.39; 'though,': 0.39; 'subject:? ': 0.60; 'tell': 0.60; 'unauthorized': 0.61; 'browser': 0.61; 'back': 0.62; 'effectively': 0.66; 'response.': 0.68; 'subject:system': 0.84; 'to:none': 0.92 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:cc :content-type; bh=NepaYKrS7DBoJAxKaZBEtR0ZI/aikcHBo6/qiHu2Q18=; b=Wue7FBf1/hqgU7Mv7UNMM3iV+inSdzby3s6oaFVsfauRpQTSEVFv6uE0ow3cuADZyJ krXId6IAvzB73h9QDbVJp1a7+HxHgEXSAMLT/bSwLKSuNKmZTPWDO+aBcVsRYbeQKD62 2uELIbsp545u40VfH+NOBQm2CICn0KS6BEkUVBkTFvphXYV+26XVriZ1z1ayHq7OLczP e+CDihpTqF2LQ0tBx4mfI9BhTVKP6OUQydQ2HhjKfN5LfSadKbscnDjw1izxgpcGCHIK AQ12TOfALpruPGP9lf5Etm2m7gTQzlijZxWlX19HU4i6AjrlUiVKK447h/k2wdiaZ80u cNGw== MIME-Version: 1.0 X-Received: by 10.58.46.141 with SMTP id v13mr11717619vem.18.1402130330111; Sat, 07 Jun 2014 01:38:50 -0700 (PDT) In-Reply-To: <877g4t8cg6.fsf@handshake.de> References: <877g4t8cg6.fsf@handshake.de> Date: Sat, 7 Jun 2014 18:38:49 +1000 Subject: Re: http.server.BaseHTTPRequestHandler basic auth logout? Django authentication system for REST interface? From: Chris Angelico Cc: "python-list@python.org" Content-Type: text/plain; charset=UTF-8 X-BeenThere: python-list@python.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: General discussion list for the Python programming language List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Newsgroups: comp.lang.python Message-ID: Lines: 19 NNTP-Posting-Host: 2001:888:2000:d::a6 X-Trace: 1402130337 news.xs4all.nl 2879 [2001:888:2000:d::a6]:45566 X-Complaints-To: abuse@xs4all.nl Xref: csiph.com comp.lang.python:72908 On Sat, Jun 7, 2014 at 4:23 PM, dieter wrote: > Dan Stromberg writes: > >> I have some code for a web server. Right now, it uses >> BaseHTTPRequestHandler with Basic Auth, but we want to be able to log >> out, and there doesn't appear to be a general way to log out of >> something using Basic Auth, short of turning to unportable JavaScript. > > You can't: With "Basic Auth", the login is handled by the browser > (and not the server). This implies, that you must tell the browser > to logout (and not the server). There is no "standard way" to > tell the browser to logout. That said, though, it's quite common for browsers to discard the auth (thus effectively logging out) if given another 401 Unauthorized response. So you can generally send that back and expect it to be a "logout" page. ChrisA