Unfortunately it blocks the new e10s (Multiprocess Windows) feature of Firefox.
"Mozilla has chosen to require that add-ons be rewritten to use their new Web Extensions API; previous APIs such as those used by HTTP logout will no longer be supported. I need to find some time to learn Web Extensions well enough to evaluate how straightforward it will be to rewrite HTTP logout to use it, and at that point I will know enough whether I can rewrite HTTP logout to use it, or abandon the add-on entirely."
Since then, I've looked at Web Extensions and as far as I can tell, it has no equivalent to the XUL nsIHttpAuthManager API that HTTP Logout relies upon. Until Mozilla adds such an API to Web Extensions, I don't have a way to port HTTP Logout to Web Extensions.
Google accounts aren't implemented using basic/digest authentication, so this add-on doesn't work for those. Cookie-based auth systems support logout in various ways (e.g. by deleting a specific cookie); some don't even support logout at all.
As for auto-log-out when the browser is closed, when you shut down your browser, basic authentication or digest authentication sessions will not be retained. You can see that by shutting down your browser and starting it up again: you will find that you need to log in again to your basic and digest auth sites.
I have some questions and suggestions... hope you respond:
1) Does this addon not work on any https connections (just http)? I tested on two HTTPS connections and this addon wouldn't log me out. Is there any intention of making this addon work with https? It seems from my ancedotal memory, that 7/10 of the websites I Logon to ARE https. 2) Selecting Options>Privacy>History(Settings-Button)>[ActiveLogins] - logs one off of ALL (http & https) connections when one exits firefox. It does this by clearing cookies? Anyway, isn't there a way to do this WHILE Firefox is running? 3) As to logging out of individual sites.The addon "Browser Sign In" at - https://addons.mozilla.org/en-US/firefox/addon/browser-sign-in/ - allows one to sign out of individual sites IF they use a certain "session API" protocol. Maybe you could merge some code? 4) Further - I'm not sure if simply deleting a cookie equals logging out, but couldn't you search through the cookies and detect which ones have a value of "logged-in=true" or such, and delete those cookies? 5) And if that is possible... then you are well on your way to deleting site-specific cookies, and thus site-specific log-ons.
I do want to caveat for all future readers... I am not at all sure that these conjectures are correct, so it just might be that the addon-developer is correct in stating that there is no current work-around way to implement these features.
Thanks for the addon, and for any replies. PS - I'll be glad to improve my rating if these ideas are considered.
[EDIT: Bumped the addon up to four stars after the excellent reply I received (only one day after the question) -- and realized that the few errors I received must have been the exception to the general rule -- still, kinda strange the fist two sites I went to didn't work (ie, they used a cookie-login scheme or such). I also thank the developer for providing resource links for me to further contribute. Good luck with the project!
HTTP basic or digest authentication, and my add-on, does indeed work over https: in fact, you wouldn't want to do basic authentication any other way since otherwise passwords pass over the network in the clear. You might be trying to use a site that uses some other form of authentication (many sites use various cookie-based schemes), and in those cases, my add-on won't help, you'll need to look for the sites' own logout link/button/menu option.
Active Logins are indeed firefox' way of describing http basic or http digest authenticated sessions, but I don't know of a way for an add-on to get access to, and sign out of, individual active logins.
The "browser-sign-in" add-on you mention seems to use an old API for verified emails; as far as I can tell, this API has nothing to do with basic or digest authentication.
Basic or digest authentication has nothing to do with cookies, either.
I do appreciate your keenness to help move things forward. If you're interested in more details about basic or digest authentication, rfc2617 is authoritative and the wikipedia articles on "basic access authentication" and "digest access authentication" aren't so bad.
Tremendous idea and a nice step forward to the right direction. Thank you so much for dedicating your expertise and time into this project. Anyhow there's room for improvement, as always. Selecting HTTP Logout from the Tools menu in the Menu Bar is too cumbersome, also considering that many users don't visualize the Menu Bar anymore. You can avoid this issue by using the key shortcut Alt+T+L, but it's beside the point. I think you should deploy an icon in the Status Bar that execute the command by just clicking. Moreover it feels a necessity to have the add-on cleaning up automatically the HTTP session after every Tab is closed.
Anyway good job here and I hope you'll follow my suggestions! Take care.
I agree it can be cumbersome to choose the option from the tools menu, which is why it is also available in the context menu (right-click or long-click on most tablet/phone browsers). I personally use it from the context menu much more often than I use it from the tools menu. Try it; you will find it more convenient, I think.
But I'd rather not add yet another icon in the Status Bar -- I don't think it's necessary to use up precious screen real-estate simply for a log-out button.
Works as advertised, but would like just a little bit more functionality, hence the 4/5 rating.
Ideas for improvement:
1) Allow me to log out of JUST the current site, ideally by adding a logout button to the URL bar.
2) If you're going to blow away all basic auth logins, warn me first, but let me disable the warning.
Edit: Response to Dev, since the review feature doesn't seem to let me :-/ :
I figured as much. Wish I had time to hack on Mozilla internals - if I did, I'd add this capability. Since I don't, thanks for everything you've done so far, and for the reply - it's greatly appreciated!