-----Original Message----- From: Daniel G. Rusch [mailto:drusch@globalcrossing.com] Sent: Tuesday, November 16, 1999 11:30 AM To: zope@zope.org Subject: [Zope] Logout question
Hey all,
I went to the Zope site at http://www.zope.org/logout.html/view_source and this is the source that the Zope site uses to log members out:
<!--#call "REQUEST['RESPONSE'].expireCookie('__ac', path='/')"--> <!--#call "REQUEST['RESPONSE'].redirect('logged_out')"-->
When I execute the same source on my site, I don't get any errors and the user is redirected to the the logged_out page, but they are not "de-authenticated". In other words, unlike the Zope site, they can hit the back button and continue on their merry way.
Any thoughts?
I suspect you're not using cookie auth, which the zope site does. If you're using straight up HTTP basic auth, you can log your users out with: <dtml-raise Unauthorized> Go away! </dtml-raise> -Michel