Hello, We are trying to figure out how to allow people to log out from our Zope site. The <!--#raise Unauthorized--> tag brings up a login box, but if the user clicks cancel it does not clear out the authenticated user (if the user clicks "OK" and then "Cancel" it works). Redirecting to a URL such as http://anonymous:nopassword@www.server.com does not work for clearing the logged in user either. In the mailing list archives I read a lot about the userDB and it sounds like it might work for what we need, but I can't find it anywhere on the zope.org site? Does somebody know where I can find the userDb? Or is there some other way to log users out? Thanks, --James Punteney
James Punteney wrote:
Hello,
We are trying to figure out how to allow people to log out from our Zope site. The <!--#raise Unauthorized--> tag brings up a login box, but if the user clicks cancel it does not clear out the authenticated user (if the user clicks "OK" and then "Cancel" it works). Redirecting to a URL such as http://anonymous:nopassword@www.server.com does not work for clearing the logged in user either.
Does anyone have an explanation for this? [ SNIP ] -- \_/] Mark P. Fister Java, java, everywhere, and all \_/] \_/] Software Consultant the cups did shrink; java, java \_/] \_/] Austin, TX everywhere, nor any drop to drink! \_/]
On Tue, 19 Oct 1999, Mark P. Fister wrote:
We are trying to figure out how to allow people to log out from our Zope site. The <!--#raise Unauthorized--> tag brings up a login box, but if the user clicks cancel it does not clear out the authenticated user (if the user clicks "OK" and then "Cancel" it works). Redirecting to a URL such as http://anonymous:nopassword@www.server.com does not work for clearing the logged in user either.
Does anyone have an explanation for this?
Very easy. All these things does not force browsers to forget passwords. There is no way to force browser to forget passowrd in Basic Auth scheme. Two solutions: 1. Redirect user to different URL, and protect that URL with different password, say "login: forget, password: xxx". Instruct user to login with this password - and voila! - browser switched to new password. Pretty bad, yeah? 2. Completely avoid Basic Auth. Switch to cookeis, e.g. Oleg. ---- Oleg Broytmann Foundation for Effective Policies phd@phd.russ.ru Programmers don't die, they just GOSUB without RETURN.
At 02:07 19/10/99 , James Punteney wrote:
Hello,
We are trying to figure out how to allow people to log out from our Zope site. The <!--#raise Unauthorized--> tag brings up a login box, but if the user clicks cancel it does not clear out the authenticated user (if the user clicks "OK" and then "Cancel" it works). Redirecting to a URL such as http://anonymous:nopassword@www.server.com does not work for clearing the logged in user either.
In the mailing list archives I read a lot about the userDB and it sounds like it might work for what we need, but I can't find it anywhere on the zope.org site? Does somebody know where I can find the userDb? Or is there some other way to log users out?
USerDB supports cookie based authentication, and it can be found at the old Zope.org site: http://www.zope.org:8080/Download/Prereleases/UserDB -- Martijn Pieters, Web Developer | Antraciet http://www.antraciet.nl | Tel: +31-35-7502100 Fax: +31-35-7502111 | mailto:mj@antraciet.nl http://www.antraciet.nl/~mj | PGP: http://wwwkeys.nl.pgp.net:11371/pks/lookup?op=get&search=0xA8A32149 ------------------------------------------
participants (4)
-
James Punteney -
Mark P. Fister -
Martijn Pieters -
Oleg Broytmann