I found this method to logout a user in Zope but apparently it does not work: <dtml-call "REQUEST['RESPONSE'].expireCookie('__ac_czo', path='/')"> The next page containing <b tal:content="user/getUserName">User Name</b> still shows the old user. What is the Zope API to do this from a Python script? Any suggestions why this does not work? Thanks in advance. --Borislav
Is that really the cookie that you want to expire? (look at the cookies in your browser) I think that the cookie to expire is '__ac'. -Paul Borislav wrote:
I found this method to logout a user in Zope but apparently it does not work:
<dtml-call "REQUEST['RESPONSE'].expireCookie('__ac_czo', path='/')">
The next page containing <b tal:content="user/getUserName">User Name</b> still shows the old user.
What is the Zope API to do this from a Python script? Any suggestions why this does not work?
Thanks in advance.
--Borislav
Paul Erickson wrote:
Is that really the cookie that you want to expire? (look at the cookies in your browser)
I think that the cookie to expire is '__ac'.
I checked the cookies in my browser. I don't have '__ac' cookie. Zope.org uses '__ac_czo'. My server has set the following cookies: 'tree-s', '_ZopeId', '__cp'. I am not familiar with the function of these cookies. Which one do I need to expire in order to log out the current user? --Borislav
On Thursday 05 September 2002 10:29 am, Borislav wrote:
Paul Erickson wrote:
Is that really the cookie that you want to expire? (look at the cookies in your browser)
I think that the cookie to expire is '__ac'.
I checked the cookies in my browser. I don't have '__ac' cookie. Zope.org uses '__ac_czo'. My server has set the following cookies: 'tree-s', '_ZopeId', '__cp'. I am not familiar with the function of these cookies. Which one do I need to expire in order to log out the current user?
--Borislav
Are you using cookie based authentication or just basic auth? -Casey
Casey Duncan wrote:
On Thursday 05 September 2002 10:29 am, Borislav wrote:
Paul Erickson wrote:
Is that really the cookie that you want to expire? (look at the cookies in your browser)
I think that the cookie to expire is '__ac'.
I checked the cookies in my browser. I don't have '__ac' cookie. Zope.org uses '__ac_czo'. My server has set the following cookies: 'tree-s', '_ZopeId', '__cp'. I am not familiar with the function of these cookies. Which one do I need to expire in order to log out the current user?
--Borislav
Are you using cookie based authentication or just basic auth?
-Casey
I'm not certain. I haven't changed the default installation of Zope 2.5.1. If you tell me where to look, I'll be more specific. --Borislav
On Thursday 05 September 2002 10:54 am, Borislav wrote:
I'm not certain. I haven't changed the default installation of Zope 2.5.1. If you tell me where to look, I'll be more specific.
--Borislav
The default is basic auth, which has no intrinsic notion of logging out. If you install the CookieCrumbler product, that will let you use cookie auth and you will be able to log out users by expiring their cookies. hth, -Casey
The default is basic auth, which has no intrinsic notion of logging out. If you install the CookieCrumbler product, that will let you use cookie auth and you will be able to log out users by expiring their cookies.
How is then Zope able to log me out of its management interface? I checked the frame source where the logout menu is: <form action="/" method="POST" target="manage_main"> <span class="std-text">Logged in as <strong>admin</strong></span> <select class="form-element" name=":action" onChange="window.parent.manage_main.location.href='/'+this.options[this.selectedIndex].value"> <option value="zope_quick_start">Zope Quick Start</option> <option value="manage_zmi_prefs">Set Preferences</option> <option value="manage_zmi_logout">Logout</option> </select> <input class="form-element" type="submit" name="submit" value=" Go " /> Is there a way to use the same facility from my scripts? It seems to me that logging out a user is a basic operation that should be supported by Zope 'out of the box', without the need of additional products. Just wondering... --Borislav
It raises the 'Unauthorized' exception. This does not work with all browsers (IE in particular) and is not very user friendly because it pops up the authentication window, which must be cancelled in order to actually log out. You can however do it if you like. Calling it log out is a bit of a stretch IMHO. In a python script: raise 'Unauthorized' -Casey On Thursday 05 September 2002 11:32 am, Borislav wrote:
The default is basic auth, which has no intrinsic notion of logging out. If you install the CookieCrumbler product, that will let you use cookie auth and you will be able to log out users by expiring their cookies.
How is then Zope able to log me out of its management interface? I checked the frame source where the logout menu is:
<form action="/" method="POST" target="manage_main"> <span class="std-text">Logged in as <strong>admin</strong></span> <select class="form-element" name=":action"
onChange="window.parent.manage_main.location.href='/'+this.options[this.selectedIndex].value">
<option value="zope_quick_start">Zope Quick Start</option> <option value="manage_zmi_prefs">Set Preferences</option> <option value="manage_zmi_logout">Logout</option> </select> <input class="form-element" type="submit" name="submit" value=" Go " />
Is there a way to use the same facility from my scripts? It seems to me that logging out a user is a basic operation that should be supported by Zope 'out of the box', without the need of additional products. Just wondering...
--Borislav
participants (3)
-
Borislav -
Casey Duncan -
Paul Erickson