
I've found out that due to the way HTTP Basic Authentication works, I need to unauthorize a client in order for the browser to forget the session id. I found a way to do that, but I still need to send a logout query after unauthorization. I changed the logout request to redirect it to the unauth URL, in my Django views.py function for logout. But I could not find any way to redirect the client to the previously mentioned logout URL afterwards, since the logout function can only return one response. Any questions regarding why can't I logout ("How do I log out?" Short Answer: "You can't. Sorry.")

I tried to find the apache2 default handler for 401 and redirect any 401s to the logout URL, but I couldn't.

I tried to add a custom handler in Django for the 401 exception, but I still couldn't get Django to detect the 401. It seems like only Apache handles it.

How can I redirect a client to another URL (logout) after he has received 401 Unauthorized?

Better yet, how can I handle 401 in Apache?

Malazzar
  • It's a pretty terrible idea to use HTTP Basic auth for anything serious. This is one reason why. It's also pretty simple to implement AAA in pretty much any web framework. Django has [its own system](https://docs.djangoproject.com/en/3.1/topics/auth/) built right in. – Michael Hampton Sep 02 '20 at 16:18
  • I understand, but nonetheless the system has already been created by my team, and I just need to change this part of the code. Do you have any idea how I can do that? – Malazzar Sep 03 '20 at 06:04
  • "You can't. Sorry." – Michael Hampton Sep 03 '20 at 14:16

0 Answers