Reputation: 21
I implemented authorization using Rack::Auth::Basic and it works, but I need to be able to destroy the user session and let the user log in again or log out. How can this be done?
Upvotes: 2
Views: 1541
Reputation: 330
Hello, sorry for the late response, I just saw your post; maybe this can still help you. This code was taken from the Sunstone application, which is part of OpenNebula (http://opennebula.org/):

    require 'digest/sha1'

    # Session data is kept server-side; the client only holds the session id.
    use Rack::Session::Pool

    # A request is authorized when its session is bound to the caller's IP.
    def authorized?
      session[:ip] && session[:ip] == request.ip ? true : false
    end

    # Check the Basic credentials once and record the result in the session.
    def build_session
      auth = Rack::Auth::Basic::Request.new(request.env)
      if auth.provided? && auth.basic? && auth.credentials
        user = auth.credentials[0]
        sha1_pass = Digest::SHA1.hexdigest(auth.credentials[1])
        rc = SunstoneServer.authorize(user, sha1_pass)
        if rc[1]
          session[:user] = user
          session[:user_id] = rc[1]
          session[:password] = sha1_pass
          session[:ip] = request.ip
          session[:remember] = params[:remember]
          if params[:remember]
            # Keep the session for 30 days (value is in seconds).
            env['rack.session.options'][:expire_after] = 30*60*60*24
          end
          return [204, ""]
        else
          return [rc.first, ""]
        end
      end
      return [401, ""]
    end

    # Log out: drop everything stored in this session.
    def destroy_session
      session.clear
      return [204, ""]
    end

Upvotes: 1
Reputation: 3534
There is no session associated with HTTP Basic Authentication. If you want to link authentication with a session, you'll have to do it at the application level, which sounds hard as a Rack middleware.
Upvotes: 0
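
A sketch of linking Basic authentication to a session at application level, as the answer above describes; it is an added example, not code from either answer or from Sunstone. The class name `BasicSessionApp`, the `sid` cookie, the `/login` and `/logout` paths and the sample account are assumptions, and the app follows the Rack calling convention using only the Ruby standard library. Only `/login` reads the `Authorization` header, so credentials the client keeps resending do not revive a destroyed session.

```ruby
require 'digest'
require 'securerandom'

# Hypothetical Rack-style app: Basic credentials are exchanged once for a destroyable session.
class BasicSessionApp
  USERS = { 'alice' => Digest::SHA256.hexdigest('s3cret') }.freeze # constructed sample account

  def initialize
    @sessions = {} # session id => user name, kept server-side
  end

  def call(env)
    sid = env['HTTP_COOKIE'].to_s[/(?:\A|;\s*)sid=(\h{64})/, 1]
    case env['PATH_INFO']
    when '/login'  then login(env)
    when '/logout' then logout(sid)
    else
      user = @sessions[sid] # the Authorization header is deliberately ignored here
      user ? [200, {}, ["hello #{user}"]] : [401, {}, []]
    end
  end

  private
  def login(env)
    user, pass = basic_credentials(env['HTTP_AUTHORIZATION'])
    expected = USERS[user]
    unless expected && secure_equal?(expected, Digest::SHA256.hexdigest(pass.to_s))
      return [401, { 'www-authenticate' => 'Basic realm="app"' }, []]
    end
    sid = SecureRandom.hex(32) # fresh random id on every login
    @sessions[sid] = user
    [204, { 'set-cookie' => "sid=#{sid}; Path=/; HttpOnly; SameSite=Lax" }, []]
  end

  def logout(sid)
    @sessions.delete(sid) # server-side destroy: the old id is dead even if replayed
    [204, { 'set-cookie' => 'sid=; Path=/; Max-Age=0; HttpOnly' }, []]
  end

  def basic_credentials(header)
    scheme, token = header.to_s.split(' ', 2)
    return [nil, nil] unless scheme&.casecmp?('basic') && token
    token.unpack1('m').split(':', 2) # 'm' decodes base64; the password may contain ':'
  end

  def secure_equal?(a, b) # comparison time does not depend on where the digests differ
    a.bytesize == b.bytesize && a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end
```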