Need Log-off capability about scot HOT 4 CLOSED

Seconded. I'd like to be able to switch between my admin and user accounts

from scot.

+1 this is also really needed from a security perspective.

Is it possible maybe to expire cookies automatically after a configurable period of time?

from scot.

Cookies do expire, setting is in scot.conf and defaults to 14400 seconds.
The problem is that most browsers store your basic auth credentials and
happy resupply them. This is
a common problem.

This is being addressed though, in the next version that is nearing
completion. The entire authentication system has
been reworked. There will be additional options to get you away from basic
auth if you wish.

The first option will be known as "Remoteuser" and relies on the Apache
front end to perform the authentication. This
will allow you to integrate SSO options through Apache modules. The second
option will be "LDAP" and that will present
a form based login that auths to your LDAP server and creates a session
that is revokable (logout). The final option
will be purely local auth, in other words, a form based login that
authenticates against a local database collection
within SCOT.

If none of those are acceptable, we would welcome additional methods that
you implement.

We are pushing for release in April.

Todd

[email protected]

On Thu, Mar 17, 2016 at 4:40 AM, ghub2015 [email protected] wrote:

+1 this is also really needed from a security perspective.

Is it possible maybe to expire cookies automatically after a configurable
period of time?

—
You are receiving this because you authored the thread.
Reply to this email directly or view it on GitHub
#14 (comment)

from scot.

Note: Remoteuser will always have difficulty with "logging off" due to the browser happily caching and providing authentication to the Apache web service. LDAP and Local should be able to "log-off". Still looking into this but if anybody wants to help, I'm listening. thanks.

from scot.