
Re: Replay Auth


 




3.3 is already a stable release, meaning brand new options/features are
no longer accepted. The only exception there is if some major security
hole is fixed by adding one or backports of existing squid-2 features.
Neither of which seems to be applicable here.

FWIW "logout" is not a concept relevant to Squid. Which is performing
the simple test of whether the credentials presented on a request are
valid at that particular point of time.

The use of a credentials cache complicates this somewhat, but logout is
equivalent to TTL in a cache. When the TTL expires the backend gets
re-checked for validity at which time it may decide to start rejecting
them. Which is what some people call "logged out".

I have made some efforts in the 3.4+ series now that key=value
parameters to work towards the helpers providing a more dynamic ttl=N
parameter and have the cache entry use that instead of the fixed config
value. If you want to pick that up and carry it forward it would be great.

Amos

OK, I think I will take a look

For the record, here is a patch for 3.3.11
New credential value: - Banned - in src/auth/UserRequest.h (but now only used in basic auth)

With this patch, when auth_param basic credentialsttl is expired the browser shows the ID banner.

    CRED_CHALLENGE = 1, ///< Client needs to be challenged. secure token.
    CRED_BANNED = -3, ///< Client needs to be rechallenged. banned.
    CRED_VALID = 0, ///< Credentials are valid and a up to date. The OK/Failed state is accurate.
    CRED_LOOKUP = -1, ///< Credentials need to be validated with the backend helper
    CRED_ERROR = -2 ///< ERROR in the auth module. Cannot determine the state of this request.


http://numsys.eu/divers/squid/auth.patch
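
The "logout is equivalent to TTL in a cache" behaviour discussed in this thread, as an added C++ model that is not Squid code and not part of the original messages. CredentialsCache, HelperReply, the -1 "no ttl sent" convention and the 7200-second configured TTL are assumptions made for illustration.

```cpp
#include <functional>
#include <iostream>
#include <map>
#include <string>

// Hypothetical model of a proxy credentials cache; not Squid source code.
struct HelperReply {
    bool ok;   // helper accepted the credentials
    long ttl;  // seconds from a "ttl=N" reply parameter, or -1 if none was sent
};
using Backend = std::function<HelperReply(const std::string &, const std::string &)>;

class CredentialsCache {
public:
    CredentialsCache(long configTtl, Backend backend)
        : configTtl_(configTtl), backend_(backend) {}
    // True if the credentials are accepted at time `now` (seconds).
    bool check(const std::string &user, const std::string &pass, long now) {
        auto it = cache_.find(user);
        if (it != cache_.end() && it->second.pass == pass && now < it->second.expires)
            return it->second.ok;  // entry still fresh: backend is not consulted
        ++lookups;                 // missing, different password, or expired: re-check
        HelperReply r = backend_(user, pass);
        long ttl = r.ttl >= 0 ? r.ttl : configTtl_;  // per-entry TTL wins over config
        cache_[user] = Entry{pass, r.ok, now + ttl};
        return r.ok;
    }
    int lookups = 0;

private:
    struct Entry { std::string pass; bool ok; long expires; };
    long configTtl_;
    Backend backend_;
    std::map<std::string, Entry> cache_;
};

// Constructed scenario: the account is disabled at the backend after the first
// request. Returns whether a later request at time `when` is still accepted.
bool acceptedAfterRevocation(long helperTtl, long when) {
    bool enabled = true;
    CredentialsCache cache(7200, [&](const std::string &, const std::string &) {
        return HelperReply{enabled, helperTtl};
    });
    cache.check("alice", "s3cret", 0);  // first request populates the cache
    enabled = false;                     // backend-side "logout" / revocation
    return cache.check("alice", "s3cret", when);
}

int main() { std::cout << acceptedAfterRevocation(-1, 61) << acceptedAfterRevocation(60, 61) << "\n"; }
```

With only the fixed configured TTL, the disabled account keeps being accepted until the entry ages out; a shorter helper-supplied TTL bounds that window per entry.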



