Obsolete Releases > SME 8.x Contribs

Pydio not logging out

<< < (2/5) > >>

Stefano:
Nicola, Daniel told you that setting LogoutUrl and invoking webapps-update event should do the trick.. if it doesn't, something isn't working properly..
usuallly I call it "bug", hence -> bugzilla..

TIA

CharlieBrady:

--- Quote from: Daniel B. on February 28, 2014, 01:40:44 PM ---That's expected, Pydio uses a basic HTTP auth which cannot close a session (closing the browser will terminate the session). What you can do is to redirect users to any page you want when they click on disconnect:

--- End quote ---

However, when you do that, and they then go back to the pydio URL, they will still be able to access files. As you say, with http basic authentication, the only way to remove the login credentials from the browser is to close the browser.

Perhaps someone should converty smeserver-pydio to use ticket based authentication, as used in server-manager.

CharlieBrady:

--- Quote from: Daniel B. on February 28, 2014, 01:40:44 PM ---That's expected, Pydio uses a basic HTTP auth which cannot close a session (closing the browser will terminate the session). What you can do is to redirect users to any page you want when they click on disconnect...

--- End quote ---

Does it make any sense to have a 'disconnect' button on something using Basic auth?

Daniel B.:
It makes sens in some situations: for example, I'm using LemonLDAP::NG to protect my web apps, including Pydio. It's a cookie based SSO solution but emulate basic auth from the app POV. It can catch any URL and redirect users where I want. I'm using this feature to catch the classic logout link of every protected app and redirect them to the main portal. On a standard SME, as it's using pure basic auth, it doesn't make a lot of sense, but removing it would require patching Pydio itself, which I'd rather avoid

peterking:
Hi,
This is quite an old thread so I am hoping that there was a fix for this issue.
I am trying to set up my first SME Server.  I have the same problems that are described in this thread. It looks like the users weren't given any assistance.

The problem:
user1 accesses smeserver/pydio for their shared directories, however they cannot log out. When user2 on a different machine tries to access Pydio they are actually shown the same screen that user1 cannot log out from!

Obviously this is quite a serious security issue and renders the server unusable for file and directory sharing.

Can anyone point me in the right direction for a solution?

Thanks,
Peter
smeserver 9.1

Navigation

[0] Message Index

[#] Next page

[*] Previous page

Go to full version