Fileserver WebDAV doesn't offer logout

DaveB's picture

When using the Fileserver appliance's WebDAV feature, I see no way to logout.  The onlly thing I have found that works is to clear the cookies in the browser (Chome).  Once I do this and reload, I am presented with a new Login popup.

Is there a reason there is no logout button as there is with Webmin, etc.

Thanks!

DaveB

Jeremy Davis's picture

As the name suggests, Apache's mod_auth_basic (aka basic-auth) provides a very basic authentication system. As you note, unfortunately that doesn't provide a mechanism to log out. Ideally we probably should note that as a "feture request" because it certainly would be better if users could explicitly log out.

As a bit of background, it was an intentional decision. WebDAV CGI does actually provide an alternate authentication mechanism it refers to as session authentication. We did initially consider using that, but there were potential issues. Slower performance, potential for session attacks, requirement for different WebDAV and WebDAV CGI urls were our main concerns. So we decided to go with Apache basic auth.

However, as noted in this stack overflow thread there are ways to still provide a "logout" feature. When we released v14.2, we actually contributed some code back to WebDAV CGI, so we may look at this a bit more and perhaps provide this in the next release (v15.0). Speaking of which, we're still quite a way before we'll have an updated appliance, so in the meantime, you'll need to explicitly clean the cookies. Although some of my reading suggests that simply closing the browser (so long as the sessions also close) should also do the trick.

Sorry I don't have any better news for you...

PS I just opened a feature request on our issue tracker so this doesn't get forgotten.

DaveB's picture

Thanks for the helpful explanation!  

Post new comment