Re: [Zope-dev] De-Authentication / Logout
"Roger" == Roger Espinosa <roger@umich.edu> writes:
Roger> At 4:40 PM -0500 3/12/99, Jason Spisak wrote:
Zope-misters
Is there a setUser type method for AUTHENTICATED_USER? I have tried everything, and there isn't any docs. I am trying to have a user logout without having to quit Netscape. Any thoughts? --
Roger> It's always been my impression that unless Zope can be fitted Roger> with a cookie-based-authentication system (vs. the current Roger> basic-auth), there's *no* way to force a "logout" because of Roger> the way the *browsers* handle basic-auth. Generally, the workaround/kludge is to change the authentication realm to something different, since most browsers seem to only remember authentication information for the most recent authentication realm (if I recall correctly). Also note that lynx gets it right since you can press _ to make it forget all known authentication information. - Andrew -- #!/usr/bin/env python print(lambda s:s+"("+`s`+")")\ ('#!/usr/bin/env python\012print(lambda s:s+"("+`s`+")")\\\012') print(lambda x:x%`x`)('print(lambda x:x%%`x`)(%s)')
On 13 Mar 1999, Andrew Snare wrote:
"Roger" == Roger Espinosa <roger@umich.edu> writes:
Roger> At 4:40 PM -0500 3/12/99, Jason Spisak wrote:
Zope-misters
Is there a setUser type method for AUTHENTICATED_USER? I have tried everything, and there isn't any docs. I am trying to have a user logout without having to quit Netscape. Any thoughts? --
Roger> It's always been my impression that unless Zope can be fitted Roger> with a cookie-based-authentication system (vs. the current Roger> basic-auth), there's *no* way to force a "logout" because of Roger> the way the *browsers* handle basic-auth.
Generally, the workaround/kludge is to change the authentication realm to something different, since most browsers seem to only remember authentication information for the most recent authentication realm (if I recall correctly).
For browsers that store passwords by realms (I believe M$ IS 4+ does this way), it is neccessary to force browser to forget password by asking different password for the same realm. I know some sites on the Net really do logout this way. (One of my projects is among them).
- Andrew -- #!/usr/bin/env python print(lambda s:s+"("+`s`+")")\ ('#!/usr/bin/env python\012print(lambda s:s+"("+`s`+")")\\\012') print(lambda x:x%`x`)('print(lambda x:x%%`x`)(%s)')
Oleg. ---- Oleg Broytmann National Research Surgery Centre http://sun.med.ru/~phd/ Programmers don't die, they just GOSUB without RETURN.
participants (2)
-
ajs@pigpond.com -
Oleg Broytmann