Ron Bickers wrote:
-----Original Message----- From: Shane Hathaway [mailto:shane@zope.com]
manage_zmi_logout just uses a method that usually works. If your browser doesn't do what you expect when it comes to logging out using HTTP AUTH, well... join the club. ;-)
I'm not sure I follow. The problem doesn't actually occur when I logout, but rather when I try to login. Shouldn't CookieCrumbler behave the same when I try to access a protected document after a failed login attempt as it does the first time I try to access it?
Hmm, I see what you're saying now. It sets the cookie regardless of whether the name and password are valid. It should either not set the cookie, expire the cookie, or behave differently when cookie login was used but authentication failed. I'll look into it soon. Shane