Home/ Questions/Q 7807989
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-02T03:01:20+00:00

I am using CakePHP to create a simple app and I decided to use

  • 0

I am using CakePHP to create a simple app and I decided to use Digest Authenticate since I can’t get an SSL certificate and don’t want passwords posted in plain-text by a form.

So it’s all working nicely, login, logout, everything works according to login status. However after logging out when I go to login again it logs in automatically without asking for a password or username. This makes it impossible to change accounts until I’ve been logged out for some period of time(a day or so?) and it asks for a username and password again. It also is a security risk if I am using a public computer and don’t want the next guy logging into my account all willy nilly without even a password prompt.

My question, is there a setting in Cake that I am missing or is this my browser remembering my credentials and offering them up when the app asks for them. I feel like logging out should clear the credentials. I have tried in Chrome and Firefox both with the same result, I am not checking any “remember my password” boxes either.

My Auth component intiation:

public $components = array('Session', 'RequestHandler', 'Auth' => array(
            'authenticate' => array('Digest'),
            'loginRedirect' => array('controller' => 'posts', 'action' => 'index'),
            'logoutRedirect' => array('controller' => 'posts', 'action' => 'index'),
        ));

Login Function:

public function login() {
//No longer Auth Magic
 if ($this->Auth->login()) {
   return $this->redirect(array('controller' => 'posts', 'action' => 'index'));
 } else {
   $this->Session->setFlash(__('Username or password is incorrect'), 'default', array(), 'auth');
 }
   $this->autoRender = false;
}

Logout Function:

public function logout() {
   $this->Auth->logout();
   return $this->redirect($this->Auth->logout());

}

So any ideas? The only other thing I should mention is that I had to include DigestAuthenticate.php manually in order to use use the DigestAuthenticate::password function, Cake was throwing some errors saying that the DigestAuthenticate class didn’t exist. See the issue here: http://ask.cakephp.org/questions/view/digestauthenticate

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    According to the CakePHP Book [here]:

    Logging out users that logged in with Digest or Basic auth is
    difficult to accomplish for all clients. Most browsers will retain
    credentials for the duration they are still open. Some clients can be
    forced to logout by sending a 401 status code. Changing the
    authentication realm is another solution that works for some clients.

    That’s probably not what you wanted to hear, but…

    • 0