aboutsummaryrefslogtreecommitdiff
path: root/doc/bugs/logout_in_ikiwiki.mdwn
blob: d9b6df677209039153d27981bf7bd76484998efc (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
It looks like there is no way to logout of ikiwiki at present, meaning that if you edit the ikiwiki in, say, a cybercafe, the cookie remains... is there some other security mechanism in place that can check for authorization, or should I hack in a logout routine into ikiwiki.cgi?

> Click on "Preferences". There is a logout button there. --liw

> It would be nice if it were not buried there, but putting it on the
> action bar statically would be confusing. The best approach might be to
> use javascript. --[[Joey]] 


>> I agree that javascript seems to be a solution, but my brain falls 
>> off the end of the world while looking at ways to manipulate the DOM. 
>> (I'd argue also in favor of the openid_provider cookie expiring 
>>  in less time than it does now, and being session based)

>>> (The `openid_provider` cookie is purely a convenience cookie to
>>> auto-select the user's openid provider the next time they log
>>> in. As such, it cannot be a session cookie. It does not provide any
>>> personally-identifying information so it should not really matter 
>>> when it expires.) --[[Joey]]

>> It would be nice to move navigational elements to the upper right corner 
>> of the page...

>> I have two kinds of pages (wiki and blog), and three classes of users  

>> anonymous users - display things like login, help, and recentchanges,

>> non-admin users - on a per subdir basis (blog and !blog) display 
>> logout, help, recentchanges, edit, comment 

>> admin users - logout, help, recentchanges, edit, comment, etc