Daniel, THis is a limitation of HTTP basic authentication and is not a Zope-specific problem. Either quit the browser before you leave or write a short dtml method: <dtml-raise Unauthorized> Logout </dtml-raise> and call it before you leave. Note that you need to call it, then click "OK", or you will still be logged in. -----Original Message----- From: Daniel.Weber@SEMATECH.Org [mailto:Daniel.Weber@SEMATECH.Org] Sent: Friday, March 17, 2000 5:27 PM To: zope@zope.org Subject: [Zope] Security question As far as authorization goes, I've noticed that I get prompted for a user-name/password only once during a session. After you've been validated, it appears zope does not prompt you again for that browser session. The reason I'm concerned is that if I have to do maintenance on someone else's web browser, how do I ensure that after I leave a person cannot use the back button or history list to gain manager access to the site? Do I have to exit the browser when I'm done? _______________________________________________ Zope maillist - Zope@zope.org http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )