[Fixed]-Logout not working

21👍

Solved it! It was because of BasicAuthentication being enabled. I guess I logged in via the HTTP login in the browser, and logout doesn't seem to work for that. I removed BasicAuthentication and everything seems to work fine now.

5👍

I encountered this problem today and solved it by changing the order to the following:

# settings.py
REST_FRAMEWORK = {
    'DEFAULT_AUTHENTICATION_CLASSES': (
        'rest_framework.authentication.SessionAuthentication',
        'rest_framework.authentication.BasicAuthentication',
        'rest_framework.authentication.TokenAuthentication',
    ),
}

4👍

Actually, logout is working, but during the redirect at the end of logout (to a view that requires authentication, because we use the IsAuthenticated permission), BasicAuth authenticates the request again using the cached HTTP authentication header information:

auth = request.META.get('HTTP_AUTHORIZATION', b'')

So, like OP said, we can disable BasicAuth and use SessionAuth only. But the thing is, we sometimes may need to access the API without a GUI; for that we can use TokenAuth instead. Since BasicAuth/TokenAuth is not so secure anyway (https://www.rfc-editor.org/rfc/rfc2617), it might be better to use OAuth2 or other more secure auth schemes. It depends on the demands anyway.
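
The behaviour described in the answer above, as an added example that is not part of any post on this page and is not Django REST framework's own code. It is a simplified pure-Python model of an authenticator chain; the user, password and function names are constructed for illustration.

```python
import base64

# Constructed sample data: one user, and the credentials the browser cached
# after the HTTP Basic login prompt.
USERS = {"alice": "s3cret"}


def session_auth(request):
    """Model of session authentication: trusts only the server-side session."""
    return request["session"].get("user")


def basic_auth(request):
    """Model of HTTP Basic authentication: trusts the Authorization header."""
    auth = request["META"].get("HTTP_AUTHORIZATION", b"").split()
    if len(auth) != 2 or auth[0].lower() != b"basic":
        return None
    username, _, password = base64.b64decode(auth[1]).decode().partition(":")
    return username if USERS.get(username) == password else None


def authenticate(request, authenticators):
    """Return the first user any authenticator accepts, else None."""
    for authenticator in authenticators:
        user = authenticator(request)
        if user is not None:
            return user
    return None


def user_after_logout(authenticators, browser_cached_basic):
    """Log in, log out, then follow the redirect to a protected view."""
    session = {"user": "alice"}
    session.clear()  # logout: the server-side session really is destroyed
    meta = {}
    if browser_cached_basic:
        # The browser replays the cached header on every later request.
        meta["HTTP_AUTHORIZATION"] = b"Basic " + base64.b64encode(b"alice:s3cret")
    return authenticate({"session": session, "META": meta}, authenticators)


if __name__ == "__main__":
    print(user_after_logout([session_auth, basic_auth], True))
    print(user_after_logout([session_auth], True))
    print(user_after_logout([session_auth, basic_auth], False))
```

With Basic authentication in the chain and a cached header, the request after logout is still attributed to the user; it is anonymous once Basic authentication is removed or when the browser holds no cached credentials.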
