Hi, I am having some problems with the authentication logic. My application uses three roles: Student, Faculty and Staff. I use my login page (cookie authentication) to collect the username and password, and I use the LDAP directory to authenticate.

The authentication works fine, but when I log out and hit the back button in the browser, I still get to the secure page and am not redirected to the login page. I check for roles in all pages. I think my way of expiring the cookie is not correct.

For logout, I use the following statements for cookie expiration, but it doesn't work. Can you see what's wrong?

<dtml-call expr="RESPONSE.expireCookie('__ac',path='/')">
<dtml-call expr="SESSION.invalidate()">

Thanks in advance,
Srini
From: <schandra@csee.wvu.edu>
For logout, I use the following statements for cookie expiration, but it doesn't work. Can you see what's wrong?
<dtml-call expr="RESPONSE.expireCookie('__ac',path='/')">
<dtml-call expr="SESSION.invalidate()">
To expire a cookie I overwrite the cookie with 'invalid' data. The routines that check the cookie, check the cookie contents and if the data is not valid, handle the user accordingly. This should solve your problem.

Jonathan
schandra@csee.wvu.edu wrote at 2004-5-6 10:25 -0400:
... <dtml-call expr="RESPONSE.expireCookie('__ac',path='/')">
This looks good -- provided you have set the cookie with precisely this name and path. If you cannot find the problem's cause, you may use a TCP-Logger (e.g. Shane's "tcpwatch") to analyse the communication between browser and Zope.

-- Dieter
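The name-and-path check from the reply above, as an added example that is not part of the original thread: given the `Set-Cookie` header seen at login and those seen at logout (for instance from a tcpwatch capture), it reports whether the logout response expires the same cookie the browser stored. The function names and sample headers are constructed for illustration, and a missing `Path` is compared as an empty string rather than resolved against the request URL.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, attributes with lowercased keys)."""
    first, *rest = [part.strip() for part in header.split(";")]
    name = first.partition("=")[0].strip()
    attrs = {}
    for part in rest:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name, attrs

def identity(name, attrs):
    """Browsers key a stored cookie on name, domain and path together."""
    return name, attrs.get("domain", "").lstrip(".").lower(), attrs.get("path", "")

def is_expiring(attrs):
    """True when Max-Age <= 0 or Expires lies in the past."""
    if "max-age" in attrs:
        try:
            return int(attrs["max-age"]) <= 0
        except ValueError:
            return False
    if "expires" in attrs:
        try:
            when = parsedate_to_datetime(attrs["expires"])
        except (TypeError, ValueError):
            return False
        if when.tzinfo is None:  # assumption: treat zone-less dates as UTC
            when = when.replace(tzinfo=timezone.utc)
        return when <= datetime.now(timezone.utc)
    return False

def logout_clears(login_header, logout_headers):
    """Return (ok, reason): does any logout header expire the login cookie?"""
    want, near_miss = identity(*parse_set_cookie(login_header)), None
    for header in logout_headers:
        name, attrs = parse_set_cookie(header)
        if name != want[0] or not is_expiring(attrs):
            continue
        if identity(name, attrs) == want:
            return True, "expiry matches name, domain and path"
        near_miss = identity(name, attrs)
    if near_miss:
        return False, f"expiry sent for {near_miss}, cookie was set as {want}"
    return False, f"no expiring Set-Cookie for {want[0]!r}"

# Constructed sample headers (not captured from the poster's site).
print(logout_clears('__ac="CONSTRUCTED"; Path=/app', ['__ac="deleted"; Path=/; Max-Age=0']))
```

A `False` result with a path mismatch means the browser keeps the original `__ac` cookie and keeps sending it after logout.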