Dear All, I have been facing problem with Logout. When I click Logout it is not actually logging out. I'm calling the following code in the Login Script: *********LOGIN SCRIPT*************************** <dtml-call "RESPONSE.setCookie('Login_Name', _.SecurityGetUser().getUserName(), expires='0')"> <dtml-comment> <dtml-call "RESPONSE.setCookie('user_name', _.SecurityGetUser().getUserName(), expires='')"> </dtml-comment> <dtml-if "REQUEST.has_key('Login_Name')"> <dtml-in DateLookup> <dtml-if Reminder_Lookup_By_Login> <form><input style="font-size:15;font-weight:bold" type="button" value="Check Reminders" onClick="JavaScript:PopWindow738401()"></form> </dtml-if> </dtml-in> </dtml-if> In the Logout Page: ********************LOGOUT SCRIPT********************************* <dtml-var la_header> <!-- <dtml-comment> --> <p>REQUEST:<br> <dtml-var REQUEST> <br> <p>RESPONSE:<br> <dtml-var RESPONSE> <br> <!-- </dtml-comment> --> <dtml-call "RESPONSE.expireCookie('__ac')"> <dtml-call "RESPONSE.expireCookie('session')"> <dtml-call "RESPONSE.expireCookie('*')"> <dtml-call "RESPONSE.expireCookie('Login_Name')"> <dtml-call "RESPONSE.expireCookie('user_name')"> <!-- <dtml-call "RESPONSE.redirect('/demo/acl_users/LoggedOut')"> --> <!-- <dtml-comment> --> <p>REQUEST:<br> <dtml-var REQUEST> <br> <p>RESPONSE:<br> <dtml-var RESPONSE> <br> <!-- </dtml-comment> --> </body> </html> Please suggest me how to solve this problem. -- Regards Praveen Kumar, SoftPro Systems Ltd, Ph: 91-40-23111806
Praveen Kumar wrote:
Dear All, I have been facing problem with Logout. When I click Logout it is not actually logging out.
Is the cookie still present in the request when you think you should be logged out? Maybe you have ended up logged in using basic authentication rather than cookie authentication at some point? Chris
Dear Chris Withers, I'm using the Cookie based authentication only. I'm calling the same functions in every page to check the authentication. Yes, Cookie is still present in the Logout page as well. Please let me know how to kill the cookie. Thanks & regards Praveen On Wed, 2003-09-10 at 15:50, Chris Withers wrote: Praveen Kumar wrote: > Dear All, > I have been facing problem with Logout. When I click Logout it is > not actually logging out. Is the cookie still present in the request when you think you should be logged out? Maybe you have ended up logged in using basic authentication rather than cookie authentication at some point? Chris -- Regards Praveen Kumar, SoftPro Systems Ltd, Ph: 91-40-23111806
RESPONSE.expireCookie or some such.... RTFM ;-) Chris Praveen Kumar wrote:
Dear Chris Withers,
I'm using the Cookie based authentication only. I'm calling the same functions in every page to check the authentication. Yes, Cookie is still present in the Logout page as well. Please let me know how to kill the cookie.
Thanks & regards Praveen On Wed, 2003-09-10 at 15:50, Chris Withers wrote: Praveen Kumar wrote:
> Dear All, > I have been facing problem with Logout. When I click Logout it is > not actually logging out.
Is the cookie still present in the request when you think you should be logged out?
Maybe you have ended up logged in using basic authentication rather than cookie authentication at some point?
Chris
Praveen Kumar wrote at 2003-9-10 11:17 +0530:
... <dtml-call "RESPONSE.expireCookie('__ac')">
Cookie expiration is only effective if done with the same "name", "path" and "domain" parameters as the cookie definition. Almost surely, the cookie definition used: setCookie('__ac',...,path='/') Therefore, you must use expireCookie('__ac',path='/') to delete it again. Dieter
Dear Dieter Maurer, Thank you so much for your suggestion. It is Logging out but once I press the back button in the browser it is going to the authenticated page. After Logging out I'm redirecting the page to the login again. Users logs in as another user it is going as an another user only, but pressing the back button only giving the problem. Is there any solution for this? Thanks & Regards Praveen On Thu, 2003-09-11 at 02:16, Dieter Maurer wrote: Praveen Kumar wrote at 2003-9-10 11:17 +0530: > ... > <dtml-call "RESPONSE.expireCookie('__ac')"> Cookie expiration is only effective if done with the same "name", "path" and "domain" parameters as the cookie definition. Almost surely, the cookie definition used: setCookie('__ac',...,path='/') Therefore, you must use expireCookie('__ac',path='/') to delete it again. Dieter -- Regards Praveen Kumar, SoftPro Systems Ltd, Ph: 91-40-23111806
The back button gets you into trouble always.... To get a true logout I had to use a bit of javascript to close the browser itself. )-: On 11 Sep 2003, Praveen Kumar wrote:
Dear Dieter Maurer,
Thank you so much for your suggestion. It is Logging out but once I press the back button in the browser it is going to the authenticated page. After Logging out I'm redirecting the page to the login again. Users logs in as another user it is going as an another user only, but pressing the back button only giving the problem. Is there any solution for this?
Thanks & Regards Praveen On Thu, 2003-09-11 at 02:16, Dieter Maurer wrote: Praveen Kumar wrote at 2003-9-10 11:17 +0530: > ... > <dtml-call "RESPONSE.expireCookie('__ac')">
Cookie expiration is only effective if done with the same "name", "path" and "domain" parameters as the cookie definition.
Almost surely, the cookie definition used:
setCookie('__ac',...,path='/')
Therefore, you must use
expireCookie('__ac',path='/')
to delete it again.
Dieter -- Regards Praveen Kumar, SoftPro Systems Ltd, Ph: 91-40-23111806
_______________________________________________ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Dear Dennis Allison, Thanks for your reply, but I think that will embarrass the users, Isn't it? It also problem to the users who are using Mozilla if they open in tabs, If we use java script, it will close all other also. Is there any other way to do the same? Thanks & Regards Praveen On Thu, 2003-09-11 at 09:59, Dennis Allison wrote: The back button gets you into trouble always.... To get a true logout I had to use a bit of javascript to close the browser itself. )-: On 11 Sep 2003, Praveen Kumar wrote: > Dear Dieter Maurer, > > Thank you so much for your suggestion. It is Logging out but once I > press the back button in the browser it is going to the authenticated > page. After Logging out I'm redirecting the page to the login again. > Users logs in as another user it is going as an another user only, but > pressing the back button only giving the problem. Is there any solution > for this? > > Thanks & Regards > Praveen > On Thu, 2003-09-11 at 02:16, Dieter Maurer wrote: > Praveen Kumar wrote at 2003-9-10 11:17 +0530: > > ... > > <dtml-call "RESPONSE.expireCookie('__ac')"> > > Cookie expiration is only effective if done > with the same "name", "path" and "domain" parameters > as the cookie definition. > > Almost surely, the cookie definition used: > > setCookie('__ac',...,path='/') > > Therefore, you must use > > expireCookie('__ac',path='/') > > to delete it again. > > > Dieter > -- > Regards > Praveen Kumar, > SoftPro Systems Ltd, > Ph: 91-40-23111806 > > > _______________________________________________ > Zope maillist - Zope@zope.org > http://mail.zope.org/mailman/listinfo/zope > ** No cross posts or HTML encoding! ** > (Related lists - > http://mail.zope.org/mailman/listinfo/zope-announce > http://mail.zope.org/mailman/listinfo/zope-dev ) > -- Regards Praveen Kumar, SoftPro Systems Ltd, Ph: 91-40-23111806 -----------------------SOFTPRO DISCLAIMER------------------------------ Information contained in this E-MAIL and any attachments are confidential being proprietary to SOFTPRO SYSTEMS is 'privileged' and 'confidential'. If you are not an intended or authorised recipient of this E-MAIL or have received it in error, You are notified that any use, copying or dissemination of the information contained in this E-MAIL in any manner whatsoever is strictly prohibited. Please delete it immediately and notify the sender by E-MAIL. In such a case reading, reproducing, printing or further dissemination of this E-MAIL is strictly prohibited and may be unlawful. SOFTPRO SYSYTEMS does not REPRESENT or WARRANT that an attachment hereto is free from computer viruses or other defects. The opinions expressed in this E-MAIL and any ATTACHEMENTS may be those of the author and are not necessarily those of SOFTPRO SYSTEMS. ------------------------------------------------------------------------
I got around the "back" problem by sticking a hidden value in each form. The correct value is kept in a session variable and whenever there is a mismatch I put up an (apologetic) error page. This allows users to go back and review information, but prevents them from resubmitting forms with stale data. HTH, At 10:27 AM +0530 9/11/03, Praveen Kumar wrote:
Dear Dennis Allison,
Thanks for your reply, but I think that will embarrass the users, Isn't it? It also problem to the users who are using Mozilla if they open in tabs, If we use java script, it will close all other also. Is there any other way to do the same?
Thanks & Regards Praveen On Thu, 2003-09-11 at 09:59, Dennis Allison wrote: The back button gets you into trouble always.... To get a true logout I had to use a bit of javascript to close the browser itself. )-:
On 11 Sep 2003, Praveen Kumar wrote:
> Dear Dieter Maurer, > > Thank you so much for your suggestion. It is Logging out but once I > press the back button in the browser it is going to the authenticated > page. After Logging out I'm redirecting the page to the login again. > Users logs in as another user it is going as an another user only, but > pressing the back button only giving the problem. Is there any solution > for this? > > Thanks & Regards > Praveen > On Thu, 2003-09-11 at 02:16, Dieter Maurer wrote: > Praveen Kumar wrote at 2003-9-10 11:17 +0530: > > ... > > <dtml-call "RESPONSE.expireCookie('__ac')"> > > Cookie expiration is only effective if done > with the same "name", "path" and "domain" parameters > as the cookie definition. > > Almost surely, the cookie definition used: > > setCookie('__ac',...,path='/') > > Therefore, you must use > > expireCookie('__ac',path='/') > > to delete it again. > > > Dieter > -- > Regards > Praveen Kumar, > SoftPro Systems Ltd, > Ph: 91-40-23111806 > > > _______________________________________________ > Zope maillist - Zope@zope.org > http://mail.zope.org/mailman/listinfo/zope > ** No cross posts or HTML encoding! ** > (Related lists - > http://mail.zope.org/mailman/listinfo/zope-announce > http://mail.zope.org/mailman/listinfo/zope-dev ) >
-- Regards Praveen Kumar, SoftPro Systems Ltd, Ph: 91-40-23111806
-----------------------SOFTPRO DISCLAIMER------------------------------
Information contained in this E-MAIL and any attachments are
confidential being proprietary to SOFTPRO SYSTEMS is 'privileged'
and 'confidential'.
If you are not an intended or authorised recipient of this E-MAIL or
have received it in error, You are notified that any use, copying or
dissemination of the information contained in this E-MAIL in any
manner whatsoever is strictly prohibited. Please delete it immediately
and notify the sender by E-MAIL.
In such a case reading, reproducing, printing or further dissemination
of this E-MAIL is strictly prohibited and may be unlawful.
SOFTPRO SYSYTEMS does not REPRESENT or WARRANT that an attachment
hereto is free from computer viruses or other defects.
The opinions expressed in this E-MAIL and any ATTACHEMENTS may be
those of the author and are not necessarily those of SOFTPRO SYSTEMS.
------------------------------------------------------------------------
_______________________________________________ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Best regards, Richard Wesley Co-President, Electric Fish, Inc. <http://www.electricfish.com/> (v) +1-206-493-1690x210 (f) +1-206-493-1697 (h) +1-206-632-4536 (m) +1-206-409-4536
Praveen Kumar wrote at 2003-9-11 09:59 +0530:
Thank you so much for your suggestion. It is Logging out but once I press the back button in the browser it is going to the authenticated page.
Browsers usually use their cache to implement their backward/forward buttons. Of course, in the cache, you still have the "authenticated" page. You may try to use cache control headers (see HTTP 1.1 specification). However, there is no garantee that the browser respects them for backward/forward. Dieter
participants (5)
-
Chris Withers -
Dennis Allison -
Dieter Maurer -
Praveen Kumar -
Richard Wesley