Hi, Thank you for your quick replay. I am using CookieCrumbler product which does cookie based authentication. The product modify the client request and server response but when user want to log out it calling the "manage_zmi_logout" functaion which pass basic authenticate in response header that's why it calling login window . I don't want to show any window and also i want to fully logout user from zope is any way to do that . Thank and Regards, vaibhi On Wed, Sep 17, 2008 at 6:58 PM, Tino Wildenhain <tino@wildenhain.de> wrote:
vaibhav pol wrote:
Dear all, I create logout page in my site when user want to logout it will submit the page of page submit i called "manage_zmi_logout" function . which promt me for again login user name password window i want redirect user to login page but if redirect whiout calling "manage_zmi_logout" function user not actualy logout from zope is any other way to kill user session please tell me.
Is there a question somewhere?
Looks like you are trying to log out a "basic auth". This is not really possible - the protocol has nothing to support it. What zope does is using a dirty trick - most browsers expire sending the auth header when they get a 401 response (look up your copy of rfc2616).
What you probably want is to use a cookie based authorization.
Did you already explore zope PAS?
Cheers Tino