HTTP Digest Auth makes it "impossible" to log out

[tibbe]

Being able to log out is useful in a number of circumstances e.g. if you're using someone else's computer or if you have several account. Using HTTP Digest (or Basic) Auth makes it more or less impossible to log out (short of clearing your browser's stored passwords).

[dcoutts]

I've read that it's possible to do this using a bit of cunning trickery. But it's true, browsers do have rather poor support for standard http authentication which we then have to live with or work around.

I think it's worth investigating these tricks. I know that trac uses (or can use) this approach. I'd really rather not force ordinary automatic clients to use a non-standard auth mechanism just because of browser UI issues. Allowing multiple (so simple clients can use standard mechanisms) would be ok but it's not desirable to duplicate things if we don't have to.

[gbaz]

lmao, ugh https://stackoverflow.com/a/43990171/371753

(i mean we may want to try this anyway)

[gbaz]

Alternately, we could just take the hint and lean towards having a more modern auth system.

[gbaz]

You can now logout by clicking on the "account management" link in the "user accounts" page, and then there's a "logout" button in the far right of the topbar. This is a rather awkward process, but it exists, at least...