RE: [Zope] LoginManager - logging out
No, you are right. It does not work. It is because LM's default login method is Basic. Basic logout does not work because of Basic authentication and that the browser caches the credential. This means unless you shut down your browser, whatever you do, you are back to square one. The remedy is to change your login method to Cookie so that AUTHENTICATED_USER.logout() works. Good luck. http://lists.zope.org/pipermail/zope/2000-December/037253.html
On Sun, 17 Dec 2000, Chalu Kim wrote:
No, you are right. It does not work. It is because LM's default login method is Basic. Basic logout does not work because of Basic authentication and that the browser caches the credential. This means unless you shut down your browser, whatever you do, you are back to square one.
But I use cookie authentication all the time. ololo@zeus.polsl.gliwice.pl /--------------------------------------\ | `long long long' is too long for GCC | \--------------------------------------/
authentication and that the browser caches the credential. This means unless you shut down your browser, whatever you do, you are back to square one.
Besides shutting down your browser, you trash its credential. Create a simple DTML method that raises the 'Unauthorized' exception. Direct your brower to that method. The browser will, in some form or manner, request that you authenticate again. Now the important part, don't cancel the reauthentication! Type in some garbage user name and password and send it. Your brower will give you another chance to authenticate, but this one you cancel and you're back to being anonymous as far as Zope is concerned. Bill.
Can you please give an example of this code or method? Mohan. -----Original Message----- From: zope-admin@zope.org [mailto:zope-admin@zope.org]On Behalf Of Bill Welch Sent: Monday, December 18, 2000 10:14 AM To: zope@zope.org Subject: RE: [Zope] LoginManager - logging out
authentication and that the browser caches the credential. This means unless you shut down your browser, whatever you do, you are back to square one.
Besides shutting down your browser, you trash its credential. Create a simple DTML method that raises the 'Unauthorized' exception. Direct your brower to that method. The browser will, in some form or manner, request that you authenticate again. Now the important part, don't cancel the reauthentication! Type in some garbage user name and password and send it. Your brower will give you another chance to authenticate, but this one you cancel and you're back to being anonymous as far as Zope is concerned. Bill. _______________________________________________ Zope maillist - Zope@zope.org http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Thanks, I have tried it. <dtml-raise type="Unauthorized"> Logout!! </dtml-raise> I guess it logs me out. But it also gives me a login dialog box .... it does not accept any of the account. So I cannot log back in! Why? What is going on here? Mohan. -----Original Message----- From: zope-admin@zope.org [mailto:zope-admin@zope.org]On Behalf Of Bill Welch Sent: Monday, December 18, 2000 11:06 AM To: Mohan Baro Cc: zope@zope.org Subject: RE: [Zope] LoginManager - logging out this is my logout DTML method <dtml-raise type="Unauthorized"> Logout!! </dtml-raise> On Mon, 18 Dec 2000, Mohan Baro wrote:
Can you please give an example of this code or method?
Mohan.
_______________________________________________ Zope maillist - Zope@zope.org http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Mohan Baro wrote:
Thanks,
I have tried it.
<dtml-raise type="Unauthorized"> Logout!! </dtml-raise>
I guess it logs me out. But it also gives me a login dialog box .... it does not accept any of the account. So I cannot log back in! Why?
I'm not sure WHY it won't accept your username at this point. BUT, it doesn't really logout you out either. If you hit the back button a couple of times you'll notice that you are still logged in. The only way to logout using standard authentication is to close the browser. HTH, -- Tim Cook, President -- Free Practice Management,Inc. | http://FreePM.com Office: (901) 884-4126 Censorship: The reaction of the ignorant to freedom.
On Tue, 19 Dec 2000, Tim Cook wrote:
Mohan Baro wrote:
Thanks,
I have tried it.
<dtml-raise type="Unauthorized"> Logout!! </dtml-raise>
I guess it logs me out. But it also gives me a login dialog box .... it does not accept any of the account. So I cannot log back in! Why?
The login dialog is the reauthentication opportunity that's your browser's response to the 'Unauthorized' exception and that's normal. Don't know why you can't log back in. Works for me in Navigator, IE, and Konqueror. Lynx displayed an opportunity to reauthenticate once, and then only showed the exception after that.
I'm not sure WHY it won't accept your username at this point. BUT, it doesn't really logout you out either. If you hit the back button a couple of times you'll notice that you are still logged in. The only way to logout using standard authentication is to close the browser.
Not true, depends on the browser. My tests indicate that Navigator and IE both trash the existing good credential with the garbage one and you're really logged out. Konqueror and lynx seem to hang on to the last successful authentication and this method doesn't log you out. Hitting the back button doesn't tell you anything about what credential your browser is sending to the server. Try visiting a privileged page after going back or look at the request that's actually being sent. Try using this one line method (I call mine 'debug'): <dtml-var REQUEST> After visting yourSite/logout and trying to login as a garbage user at the reauthentication opportunity (blanking the user name seems to work fine), visit yourSite/debug. Check other/AUTHENTICATED_USER, Navigator and IE show 'Anonymous User', Konqueror and lynx show the last good user. Bill.
Inspired by Jim Washington's recent post re 'Anonymous user', I was reminded of a previous post in which someone suggested http://garbage:xxxxx@yourSite would also clear the browser's credential. Much faster and works in IE and Konqueror, but not Navigator or lynx. Very easy to test, too. first, http://yourSite/manage and login then http://garbage:xxxxx/yourSite/debug and check other/AUTHENTICATED_USER On Tue, 19 Dec 2000, Bill Welch wrote:
Not true, depends on the browser. My tests indicate that Navigator and IE both trash the existing good credential with the garbage one and you're really logged out. Konqueror and lynx seem to hang on to the last successful authentication and this method doesn't log you out.
Its just not working for me. I am going to try LoginManager + ZPatterns (hope it has a handy logout feature) Mohan. -----Original Message----- From: zope-admin@zope.org [mailto:zope-admin@zope.org]On Behalf Of Bill Welch Sent: Wednesday, December 20, 2000 9:45 AM To: zope@zope.org Subject: Re: [Zope] LoginManager - logging out Inspired by Jim Washington's recent post re 'Anonymous user', I was reminded of a previous post in which someone suggested http://garbage:xxxxx@yourSite would also clear the browser's credential. Much faster and works in IE and Konqueror, but not Navigator or lynx. Very easy to test, too. first, http://yourSite/manage and login then http://garbage:xxxxx/yourSite/debug and check other/AUTHENTICATED_USER On Tue, 19 Dec 2000, Bill Welch wrote:
Not true, depends on the browser. My tests indicate that Navigator and IE both trash the existing good credential with the garbage one and you're really logged out. Konqueror and lynx seem to hang on to the last successful authentication and this method doesn't log you out.
_______________________________________________ Zope maillist - Zope@zope.org http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Mohan Baro wrote:
Its just not working for me.
I am going to try LoginManager + ZPatterns (hope it has a handy logout feature)
Well, you could look at the Membership product to see how we do it there. :) IIRC, it works fine with the latest LM and Zope. Zpatterns won't provide a logout feature, since that is not it's responsibility. Bill
Thank you Mohan. -----Original Message----- From: ucntcme@zope.org [mailto:ucntcme@zope.org]On Behalf Of Bill Anderson Sent: Thursday, December 21, 2000 1:57 PM To: zope@zope.org Subject: Re: [Zope] LoginManager - logging out Mohan Baro wrote:
Its just not working for me.
I am going to try LoginManager + ZPatterns (hope it has a handy logout feature)
Well, you could look at the Membership product to see how we do it there. :) IIRC, it works fine with the latest LM and Zope. Zpatterns won't provide a logout feature, since that is not it's responsibility. Bill _______________________________________________ Zope maillist - Zope@zope.org http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Where can I get more information on the following methods ( i.e which zope documentation) 1) authenticate() as in <dtml-call "AUTHENTICATED_USER.authenticate()"> 2) logout() Mohan
participants (6)
-
Aleksander Salwa -
Bill Anderson -
Bill Welch -
Chalu Kim -
Mohan Baro -
Tim Cook