Solved: How to logout of Windchill

dschenken · ‎Feb 20, 2015

Windchill connections are managed by browser cookies. Delete all the cookies and you will delete the Windchill authentication cookies and with them the login.

I'm sure some finesse can be used to locate and remove just those cookies affecting the Windchill connection.

jessh · ‎Feb 22, 2015

The HTTP basic authentication protocol has no support for any notion of "logout". The most one can do is some client/browser-specific action to get the client to stop using the set of credentials it has cached for a given host and realm and optionally start using another set of credentials. As others have noted, such client-specific actions exist in various browsers for those who find them useful.

If you need a true sense of "logout", i.e. one that is understood by the server and that truly ends a login session, then you'll need to use a different authentication scheme, e.g. form-based authentication using cookies. This is supported as of Windchill 10.1 M010, but requires that you select a form-based authentication mechanism you wish to use. In general such mechanisms also tend to impose an idle timeout on login sessions, which can be a source of annoyance for end users. If you enable form-based authentication in 10.1 M010 or higher you will get a "logout" action in the Windchill UI.

View solution in original post

dschenken · ‎Feb 20, 2015

From the PTCUser portal, http://portal.ptcuser.org/p/fo/st/thread=41561&per=10&sort=0&p=1

Actually to "logout" of Windchill requires the browser to forget the

user name and password. Recent versions of Firefox have this ability under:

Tools | Clear Recent History and then make sure you only select

"Active Logins"

Or you can download the "Web Developer" addon for FireFox which provides

this functionality (and a whole lot more) under:

Miscellaneous | Clear Private Data | HTTP Authentication

FireFox also give one the ability to run multiple profiles so you can

be logged into a given website (such as your Windchill install) as

different users at the same time.

OR

There is no need to close all the Tabs if you are using FireFox

to log out using Firefox you can use "Ctrl+Shift+Del" or "Tools | Clear Recent History" then refresh the page "F5" FireFox will prompt for user name and password, once you log in as a different user you have that users access permissions in all of the open "Tabbed Pages"

TomU · ‎Feb 20, 2015

If you need to switch users, even if currently logged in, just add "username@" in front of the Windchill URL. If the username is different from the currently logged on user you will be instantly prompted for new credentials.

jessh · ‎Feb 22, 2015

The HTTP basic authentication protocol has no support for any notion of "logout". The most one can do is some client/browser-specific action to get the client to stop using the set of credentials it has cached for a given host and realm and optionally start using another set of credentials. As others have noted, such client-specific actions exist in various browsers for those who find them useful.

If you need a true sense of "logout", i.e. one that is understood by the server and that truly ends a login session, then you'll need to use a different authentication scheme, e.g. form-based authentication using cookies. This is supported as of Windchill 10.1 M010, but requires that you select a form-based authentication mechanism you wish to use. In general such mechanisms also tend to impose an idle timeout on login sessions, which can be a source of annoyance for end users. If you enable form-based authentication in 10.1 M010 or higher you will get a "logout" action in the Windchill UI.

Marco_Tosin · ‎Feb 23, 2015

David,

I don't remember where I found it, but you can create a Windchill logout button in a browser in this way.

Add a link with below address.

javascript:window.location.href=window.location.href.replace(/:\/\//,"://dummy@");window.location.reload();

Marco

dschenken · ‎Feb 23, 2015

Sure - there's a ton of them.The real problem is that "basic access authentication" was developed in the mid 1990s and never included a method to indicate the server was done with the client certification. Gotta love the stateless choice for an interface that has a state. It's still a discussed problem for any system using basic access authentication. http - How to log out user from web site using BASIC authentication? - Stack Overflow and HTTP authentication logout via PHP - Stack Overflow, for example. The heart of the problem is HTTP/1.1: Security Considerations where it says "This is a significant defect that requires further extensions to HTTP." I would love to read this mess, but not that interested anymore http://www.ietf.org/rfc/rfc2617.txt

Near as I can tell this was developed when browsers were single page at a time, so only one session existed at a time and closing the browser when done with a session was no big deal. The UI concept is similar to a keyfob for your car: Push the button to unlock the car and the car stays unlocked until the battery is removed from the car. No button to re-lock the car. Not their best thought.

This has been a thorn (rather than a full blown problem) for Windchill admins for a long time. They need to switch easily between user IDs to ensure that all the settings are right, but until recently Windchill had no method in place to support it. From the above response 10.1 allows the substitution of forms based authentication which does support 'logout' much like this support website does.

The stackoverflow articles are quite interesting, particularly for the way different browser makers all don't cooperate on solving what ended up, by spec, as a client side problem.