schandra@csee.wvu.edu wrote: the back button loads from cache , you are not hitting the server. check the z2.log to see if back button is generating a request

Hi,

I am having some problems with the authentication logic.My application uses three roles--Student,Faculty and staff.I use my login page(cookie authentication) to collect the username and password and I use the LDAP directory to authenticate.The authentication works fine but when I log out and hit the back button in the browser,I am still going to the secure page and not redirected to the login page.I check for roles in all pages.I think my way of expiring the cookie is not correct. For logout, I use the following statements for cookie expiration bu tit deosnt work. Can you see whats wrong?

<dtml-call expr="RESPONSE.expireCookie('__ac',path='/')"> <dtml-call expr="SESSION.invalidate()">

Is rewriting the cookie data is the only way?If so ,how to do that? Thanks in advance, Srini

_______________________________________________ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )