Why is there no logout on the traveler website? Sometime I will test username/password for users, but I can’t logout after that en need to wait x hours to logout.
Subject: RE: Traveler homepage logout
The reason is because Traveler is using HTTP basic auth. Handling form based login on the devices is problematic due to customizations/permutations of the forms or not supported at all in the sync flow (Apple).
Given that HTTP basic auth is being used, there is no way to force the client (be it a browser or Traveler application) to prompt the user for new information. If the browser gets back a 401, it will just used the credentials that it has saved (without prompting the user) and then you are just logged back in as the same user again (not what you want). There is not HTTP spec way to force the client to clear the information and prompt for new ones.
It is annoying in testing multiple users because of this. Of course, most security guidelines say you shouldn’t know the user’s credentials anyway, so it isn’t an issue for most people. When we test internally on our development servers, we just have to close the browser and open it back up which will then prompt again.