Jonathan Corbet wrote:
We're dealing with medical records here, so it is a poor idea to leave a "logged in" browser sitting around in a public place. What I am looking for is a way to put in a "log out" option that stops short of killing and restarting the browser. Has anybody else figured out a way to do this?
We have the same patient confidentiality issues to address in a similar domain. My solution is to create a session manager that forces a user timeout after a period of inactivity, typically 10-20 minutes. In this scenario, it is necessary to bypass basic authentication and roll your own. I'm still experimenting; it's not really mainstream Zope. A timeout solution isn't perfect, but it's an improvement. I'm open to other suggestions that don't require special security equipment. Best regards, Jeff Bauer Rubicon, Inc.