I just plugged RESTful authentication into my application (following the outline given in Ryan Bates’s railscast). As I was doing so, I was reading through the code. (I know, what a concept! :-)) I noticed that the AuthenticatedSystem#access_denied method redirects to #request_http_basic_authentication for anything other than .html requests. Being a naturally curious kind of fellow, I logged out of my application and plugged in http://localhost:3000/documents.xml to see what would happen. Sure enough, the standard web login/password screen popped up on my browser (Firefox 3.0.5). After providing my username and password, I got to see an XML representation of my data. So then when I went back to http://localhost:3000/documents, I was able to see the documents in my database, having used HTTP authentication to log in.
Well, that was kinda cool… I guess.
Then I tried to log out.
And I tried again.
I could no longer log out of my application. Nothing I tried worked. I tried shutting down and restarting the server (Mongrel). I tried changing the session secret key (restarting the server). I tried deleting the cookie from Firefox. I tried deleting all cookies from Firefox.
Finally, I exited Firefox, restarted the server, restarted Firefox, and got back to my “not logged in” screen.
Just in case there are other “naturally curious kinds of people” out there, with more time on their hands than is really good for them, I thought I would write this down, send it out, and see what folks say.
What do folks say?