Jonathan Corbet <corbet@eklektix.com> writes:
I'm working on a system to make medical records available via a web interface. It needs to make different levels of access available to different sorts of people (doctors, nurses, clerical staff) - a perfect match for Zope's roles.
But I've encountered one rub: the web browser will be running on PCs sitting in various spots in the clinic's offices: the doctor's office, work areas, even examination rooms. There will be a different person sitting down at it every few minutes. But, with "Basic" authentication, once the web browser has your username/password in its clutches, it never lets go.
We're dealing with medical records here, so it is a poor idea to leave a "logged in" browser sitting around in a public place. What I am looking for is a way to put in a "log out" option that stops short of killing and restarting the browser. Has anybody else figured out a way to do this?
<!--#raise Unauthorized--> <!--#/raise-->

Will raise a 401 to the browser, typically causing it (Netscape at least) to prompt a box saying "Authorization Failed. Retry?" Clicking on yes will bring up a login box. Clicking cancel will show the Unauthorized Error.

I guess as a quick hack, you can implement a client pull in your browser to refetch itself, raising its own unauthorization, forcing the user to click "Ok" then log in again. Alternatively you can tell your users that they *must* as a policy click 'log out' (which takes you to a DTML Method with the above DTML code snippet).

Cookies are probably the more elegant solution.

-Michel
Thanks,
jon
Jonathan Corbet, Eklektix, Inc. corbet@eklektix.com
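
The forced-401 "log out" described in the reply above, sketched as an added example that is not part of the original message or of Zope: a minimal plain-Python WSGI app whose /logout path always answers 401 with a Basic challenge, even when the credentials sent are valid. The realm, paths, user table and the `call` helper are assumptions made for illustration.

```python
import base64
import hmac

REALM = "records"                      # assumed realm name
USERS = {"doctor": "constructed-pw"}   # constructed sample credentials

def check_basic(environ):
    """Return the username if the request carries valid Basic credentials, else None."""
    scheme, _, token = environ.get("HTTP_AUTHORIZATION", "").partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        user, _, password = base64.b64decode(token).decode("utf-8").partition(":")
    except ValueError:                 # bad base64 or bad UTF-8
        return None
    expected = USERS.get(user)
    if expected is not None and hmac.compare_digest(password.encode(), expected.encode()):
        return user
    return None

def challenge(start_response, body):
    """Send 401 plus a Basic challenge so the browser asks for credentials again."""
    start_response("401 Unauthorized", [
        ("WWW-Authenticate", 'Basic realm="%s"' % REALM),
        ("Content-Type", "text/plain"),
        ("Cache-Control", "no-store"),  # keep record pages out of the browser cache
    ])
    return [body]

def app(environ, start_response):
    if environ.get("PATH_INFO", "/") == "/logout":
        # The "log out" link: reject unconditionally, valid credentials included.
        return challenge(start_response, b"Logged out.\n")
    user = check_basic(environ)
    if user is None:
        return challenge(start_response, b"Login required.\n")
    start_response("200 OK", [("Content-Type", "text/plain"), ("Cache-Control", "no-store")])
    return [("Records for %s\n" % user).encode()]

def call(path, user=None, password=""):
    """Drive the app without a socket; returns (status, headers dict, body)."""
    environ, seen = {"PATH_INFO": path}, {}
    if user is not None:
        token = base64.b64encode(("%s:%s" % (user, password)).encode()).decode()
        environ["HTTP_AUTHORIZATION"] = "Basic " + token
    def start_response(status, headers):
        seen["status"], seen["headers"] = status, dict(headers)
    body = b"".join(app(environ, start_response))
    return seen["status"], seen["headers"], body
```
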