HTTP Authentication and Logoff



Atrium uses HTTP authentication, which is handled between the web browser and web server. Once signed into a site using HTTP authentication, the web browser will remember the credentials and automatically resend them to the server when challenged again. In order to clear the credentials, it's necessary to close ALL browser windows, as the browser considers a 'session' to exist across all open windows/tabs (even unrelated ones). For this reason, the Logoff button in Atrium instructs the user to close all browser windows. 

Atrium includes an option to force the browser to clear the HTTP authentication credentials when the Logoff button is used, but this is not enabled by default as doing so will clear credentials in other windows/tabs, due to HTTP authentication. If enabling this option, you may consider limiting the user to 1 Atrium window in the user/group settings. 

Enabling this setting requires setting an environment variable in the HTTP server configuration. The following line can be used: 

SetEnv PUI_ATRIUM_CLEAR_CREDENTIALS 1

The HTTP server instance must be restarted to make this change effective.