you cannot clear out basic HTTP auth information from a browser without telling the browser that the user is unauthorized, which will then make the browser pop up a username/password box. that's simple HTTP authentication and has not much to do with zope itself. use a user folder that supports cookie authentication. that's the only way you can achieve your goal. jens On Friday, Mar 7, 2003, at 13:39 US/Eastern, Edward Pollard wrote:
I'm up to my elbows in ripping apart the ZMI to find the code, and its another basic idea, so I thought I'd throw it out to the list.
How can I programatically (Python/Page Templates) clear the login information from the browser? That is - log someone out.
Setting up the permisions with the LDAP users was straightforward, but at the moment all I can do is detect the lack of permissions and say "Access Unauthorized". The only way to switch users is to open a new browser. This, of course, is immature and - if you'll excuse the colloquialism - sucks hard. So I'd like to offer a button that says "Log me out".
Amusingly, the Security chapter of The Zope Book does not seem to cover this. Maybe it shouldn't and I'm just easily amused.
Thanks,
Ed