Michel Pelletier wrote:
HTTP Basic auth essentially does not let you logout. You have two choices, 1) quit your browser, or 2) <dtml-raise Unauthorized></dtml-raise>. The second one, raising Unauthorized, will cause your browser to prompt you for login credentials. To logout, hit 'cancel'.
Keep in mind that none of this has anything to do with Zope, but rather HTTP Basic authentication. They call it 'Basic' for a reason, it's simple and not flexible and the HTTP designers probably expected much more sophisticated techniques to be developed in its place. Several much more secure and intelligent techniques have been developed, but the authors of browser software don't give a damn or want to foist proprietary protocols on the user.
Michel,
While I was aware of HTTP basic auth's limitations, and the <dtml-raise Unauthorized> fix, this was the first time I'd heard of any proposed extensions/replacements. Can you point to any projects/proposals in this regard? If support for an improvement could be folded into Apache, Zserver, and Mozilla, that might put enough pressure on other companies to support it too.
Michael Bernstein.
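The logout behaviour described in the quoted post, as an added example that is not part of the original thread or Zope's own code: a minimal WSGI app whose /logout path always answers 401, which is what makes a browser re-prompt. The realm, the sample account and the `request` helper are constructed for illustration.

```python
import base64, hmac
from wsgiref.util import setup_testing_defaults

REALM = "demo"                  # assumed realm name
USERS = {"alice": "s3cret"}     # constructed sample account

def parse_basic(header):
    """Return (user, password) from an Authorization header, or None."""
    scheme, _, token = (header or "").partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except ValueError:          # bad base64 or bad UTF-8
        return None
    user, sep, password = decoded.partition(":")
    return (user, password) if sep else None

def challenge(start_response, body):
    """Send the 401 + WWW-Authenticate pair that triggers the login prompt."""
    start_response("401 Unauthorized",
                   [("WWW-Authenticate", f'Basic realm="{REALM}"'),
                    ("Content-Type", "text/plain")])
    return [body]

def app(environ, start_response):
    # The server keeps no session: credentials arrive on every request.
    if environ.get("PATH_INFO") == "/logout":
        # Challenge unconditionally, even when valid credentials were sent.
        return challenge(start_response, b"logged out\n")
    creds = parse_basic(environ.get("HTTP_AUTHORIZATION"))
    expected = USERS.get(creds[0]) if creds else None
    if expected is None or not hmac.compare_digest(expected.encode(), creds[1].encode()):
        return challenge(start_response, b"login required\n")
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [f"hello {creds[0]}\n".encode()]

def request(path, user=None, password=None):
    """Drive the app in-process; return the status and headers it sent."""
    environ = {}
    setup_testing_defaults(environ)
    environ["PATH_INFO"] = path
    if user is not None:
        token = base64.b64encode(f"{user}:{password}".encode()).decode()
        environ["HTTP_AUTHORIZATION"] = "Basic " + token
    seen = {}
    app(environ, lambda status, headers: seen.update(status=status, headers=dict(headers)))
    return seen
```

Because nothing is stored server-side, the only "logout" the server can offer is this forced challenge; discarding the cached credentials is left to the browser.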