On Tue, 19 Dec 2000, Tim Cook wrote:
Mohan Baro wrote:
Thanks,
I have tried it.
<dtml-raise type="Unauthorized"> Logout!! </dtml-raise>
I guess it logs me out. But it also gives me a login dialog box .... it does not accept any of the account. So I cannot log back in! Why?
The login dialog is the reauthentication opportunity that's your browser's response to the 'Unauthorized' exception and that's normal. Don't know why you can't log back in. Works for me in Navigator, IE, and Konqueror. Lynx displayed an opportunity to reauthenticate once, and then only showed the exception after that.
I'm not sure WHY it won't accept your username at this point. BUT, it doesn't really logout you out either. If you hit the back button a couple of times you'll notice that you are still logged in. The only way to logout using standard authentication is to close the browser.
Not true, depends on the browser. My tests indicate that Navigator and IE both trash the existing good credential with the garbage one and you're really logged out. Konqueror and lynx seem to hang on to the last successful authentication and this method doesn't log you out. Hitting the back button doesn't tell you anything about what credential your browser is sending to the server. Try visiting a privileged page after going back or look at the request that's actually being sent. Try using this one line method (I call mine 'debug'): <dtml-var REQUEST> After visting yourSite/logout and trying to login as a garbage user at the reauthentication opportunity (blanking the user name seems to work fine), visit yourSite/debug. Check other/AUTHENTICATED_USER, Navigator and IE show 'Anonymous User', Konqueror and lynx show the last good user. Bill.