On Tue, 19 Oct 1999, Mark P. Fister wrote:
> We are trying to figure out how to allow people to log out from our Zope site. The <!--#raise Unauthorized--> tag brings up a login box, but if the user clicks cancel it does not clear out the authenticated user (if the user clicks "OK" and then "Cancel" it works). Redirecting to a URL such as http://anonymous:nopassword@www.server.com does not work for clearing the logged in user either.
> Does anyone have an explanation for this?
Very easy. All these things do not force browsers to forget passwords. There is no way to force a browser to forget a password in the Basic Auth scheme. Two solutions:

1. Redirect the user to a different URL, and protect that URL with a different password, say "login: forget, password: xxx". Instruct the user to log in with this password - and voila! - the browser has switched to the new password. Pretty bad, yeah?
2. Completely avoid Basic Auth. Switch to cookies, e.g.

Oleg.
----
Oleg Broytmann     Foundation for Effective Policies     phd@phd.russ.ru
Programmers don't die, they just GOSUB without RETURN.
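Option 2 from the reply above (cookies instead of Basic Auth), as an added example that is not part of the original message and is not Zope's own code: a small WSGI app whose logout deletes the server-side session, so the old cookie stops working even if a client replays it. The account, the cookie name `sid`, the paths and the `request` helper are assumptions made for this sketch.

```python
import hmac, io, secrets
from http.cookies import SimpleCookie
from urllib.parse import parse_qs

USERS = {"alice": "constructed-password"}  # constructed sample account
SESSIONS = {}  # session token -> user name; server-side state that logout can delete

def app(environ, start_response):
    """WSGI app: POST /login, POST /logout, anything else needs a live session."""
    jar = SimpleCookie(environ.get("HTTP_COOKIE", ""))
    token = jar["sid"].value if "sid" in jar else None
    path, method = environ.get("PATH_INFO", "/"), environ.get("REQUEST_METHOD", "GET")
    if path == "/login" and method == "POST":
        size = int(environ.get("CONTENT_LENGTH") or 0)
        form = parse_qs(environ["wsgi.input"].read(size).decode())
        user, pw = form.get("user", [""])[0], form.get("password", [""])[0]
        if user in USERS and hmac.compare_digest(USERS[user].encode(), pw.encode()):
            token = secrets.token_urlsafe(32)  # unguessable, carries no credentials
            SESSIONS[token] = user
            cookie = f"sid={token}; Path=/; HttpOnly; Secure; SameSite=Lax"
            start_response("303 See Other", [("Location", "/"), ("Set-Cookie", cookie)])
            return [b""]
        start_response("403 Forbidden", [("Content-Type", "text/plain")])
        return [b"bad credentials"]
    if path == "/logout" and method == "POST":
        SESSIONS.pop(token, None)  # revoke on the server: a replayed cookie is now useless
        expired = "sid=; Path=/; Max-Age=0; HttpOnly; Secure; SameSite=Lax"
        start_response("303 See Other", [("Location", "/"), ("Set-Cookie", expired)])
        return [b""]
    user = SESSIONS.get(token)
    if user is None:
        start_response("403 Forbidden", [("Content-Type", "text/plain")])
        return [b"not logged in"]
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [f"hello {user}".encode()]

def request(method, path, cookie="", body=b""):
    """Drive the app in-process; returns (status line, headers dict, body bytes)."""
    seen = {}
    environ = {"REQUEST_METHOD": method, "PATH_INFO": path, "HTTP_COOKIE": cookie,
               "CONTENT_LENGTH": str(len(body)), "wsgi.input": io.BytesIO(body)}
    def start_response(status, headers):
        seen["status"], seen["headers"] = status, dict(headers)
    out = b"".join(app(environ, start_response))
    return seen["status"], seen["headers"], out
```

With Basic Auth the server holds nothing it could delete, because the browser resends the still-valid password on every request; here the password is sent once and logout invalidates the only thing the browser keeps.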