UPDATE: This is resolved in Ignition versions 7.9.5 and higher. Make sure you also have the latest version of the WebDev module itself.
I am working on a simple JSON api to return some tag data. I have easily been able to implement the ‘Require Authentication’ checkbox. I am facing two issues. They both revolve around the fact that the user appears to get one shot entering their credentials.
If the user enters the credentials correctly, I can’t seem to find a way for them to log out and destroy the session dictionary related to the user. I have tried setting session[‘user’] to none, and also removing the ‘user’ key from the session dictionary. I also tried using system.security.logout(). Neither of these worked.
Additionally, if the credentials are entered incorrectly, the user does not get another chance to enter the credentials. They are forced to quit their browser and reopen it to try again.
Is there a way to destroy this session[‘user’] object and prompt the user to enter their login info again without forcing them to quit and reopen their browser?
Update 8/1/17 : I have also tried resetting the session equal to an empty dict session = {}. This doesn’t seem to work. I came across a couple articles suggesting to send wrong credentials as a workaround, but this doesn’t seem to work either. Any help would be much appreciated.
I think this is a bug in the WebDev module. It seems we’re returning a 403 when we should be returning 401. Clearing the session on the server has no effect on the browser, which after seeing a 403 does not need to ask for credentials again.
Can you provide a rough timeline for when this will be fixed/released? We need to make a decision in the next few days if we will roll our own authentication or use the build in web-dev auth. Please let me know as soon as possible.
7.9.5 was released, and we have updated. However, i am still getting this issue. I have a script in webdev with just a hello world and have checked require authentication.
I am still getting a 403 response when I enter bad credentials and am not prompted again to re-enter them. I am stuck quitting my browser, then reopening to get the HTTP Basic login form to show up again.
What I really need, is to be prompted again if the login information is invalid. Additionally, if I am authenticated I would hope that sending a garbage username and password to the url will function as a log out of sorts and would expect this to send a 401 response for bad authentication.
Please let me know if there is something I am missing.