RE: [Zope] Logout question
-----Original Message----- From: Daniel G. Rusch [mailto:drusch@globalcrossing.com] Sent: Tuesday, November 16, 1999 11:30 AM To: zope@zope.org Subject: [Zope] Logout question
Hey all,
I went to the Zope site at http://www.zope.org/logout.html/view_source and this is the source that the Zope site uses to log members out:
<!--#call "REQUEST['RESPONSE'].expireCookie('__ac', path='/')"--> <!--#call "REQUEST['RESPONSE'].redirect('logged_out')"-->
When I execute the same source on my site, I don't get any errors and the user is redirected to the the logged_out page, but they are not "de-authenticated". In other words, unlike the Zope site, they can hit the back button and continue on their merry way.
Any thoughts?
I suspect you're not using cookie auth, which the zope site does. If you're using straight up HTTP basic auth, you can log your users out with: <dtml-raise Unauthorized> Go away! </dtml-raise> -Michel
<dtml-raise Unauthorized> <!--#call "RESPONSE.redirect('logged_out')"--> </dtml-raise> There are actually two problems with the above: 1. It doesn't actually log you out, hit the back button and you're in. 2. You don't get to the redirect statement. Any thoughts? DR
Hi,
<dtml-raise Unauthorized> <!--#call "RESPONSE.redirect('logged_out')"--> </dtml-raise>
when you use basic authentication your browser stores login and password combination for the realm. The browser will delete this information only when it receives a "401 unautorized" HTTP-Code. When you use a redirect it will receive a "301 moved" HTP-Code and therefor not delete the login/password. So long Ulli -- ----------------- Die Website Effizienzer ------------------ luna-park Bravo Sanchez, Vollmert, Wisser GbR Ulrich Wisser mailto:u.wisser@luna-park.de Alter Schlachthof, Immenburgstr. 20 Tel +49-228-9654055 D-53121 Bonn Fax +49-228-9654057 ------------------http://www.luna-park.de ------------------
participants (3)
-
Daniel G. Rusch -
Michel Pelletier -
Ulrich Wisser