13 Mar
1999
13 Mar
'99
2:03 p.m.
It's always been my impression that unless Zope can be fitted with a cookie-based-authentication system (vs. the current basic-auth), there's *no* way to force a "logout" because of the way the *browsers* handle basic-auth.
Recent notes about Lynx notwithstanding, I agree. It's extremely frustrating when debugging the security of an app! Zope _CAN_ use a cookie-based authentication scheme with the UserDB product. UserDB uses Database Adapter (e.g., Oracle) to connect to a store of user info (e.g., userid and password). I can imagine some motivated community member taking a look at the current incarnation of UserFolder and UserDB and cookie-ifying the UserFolder. --Rob