|
|
|
|
|
|
by johannes1234321
1224 days ago
|
|
|
This requires some server side handling. The web browser could have a logout button so I can end my session. Probably that should be combined with a configured target page for the user. And well, my experience there is about 20 years old, but back then sending 401 wasn't enough. You had to send a different auth request, which then would pop up a new password dialog first. Indoubt 401 is enough today as well, as the browser can't distinguish whether a specific resource is restricted or whether the whole session should be invalidated. |
|
|