Hi,
In fact, the problem is "how to tell my browser to stop sending the authentification" that is sent in all its HTTP requests.
I've added a "logout" buton on my web page to logout.
Then I've tried, the following logout methods but they don't work (at leat with Firefox) .
- change the realm on server side : the browser was expected to request a new authentification for the new realm but it does not and keeps on sending the same authentification that is accepted by server.
- send status 401 to force the browser to forget the authentification : does not work and reloading a page on the browser still send the authentication
The only reliable solution is to close the browser.
But in addition, when I used MQX 3.4, I found a bug in the code (seems to also apply to MQX 3.7) : when an authentication was received it was kept by the server and reused for further requests even if no authentication was present in these requests.
As a result, once authentication was sent at least once, access was possible from any other browser without authentication, and closing a browser to force another authentication did not work.
To solve the problem, I had to edit rtcs/source/httpd/httpd.c in the BSP and added the following init to httpd_readreq() :
/* Clear request fields before filling them to remove data from previous request (mainly auth/authPasswd) */
session->request.path[0] = 0;
session->request.urldata = "";
session->request.auth[0] = 0;
session->request.authPasswd = session->request.auth;
session->request.method = HTTPD_REQ_UNKNOWN;
session->request.content_len = 0;
just before
// read the request
