[Grok-dev] New sample app: LoginDemo
Luciano Ramalho
luciano at ramalho.org
Sun Dec 30 11:12:33 EST 2007
On Dec 30, 2007 11:48 AM, Sebastian Ware <sebastian at urbantalk.se> wrote:
> Luciano, have you solved the use case where one is logged in as a
> manager (through the grok admin interface) and wants to log out as
> manager in order to properly log in as an orindary user through the
> application login?
Hi Sebastian, I haven't solved that, but I haven't tried either. The
problem is that the Grok admin UI uses HTTP basic authentication, and
because the HTTP protocol has no concept of a "session", there is no
reliable way to logout from HTTP basic auth because it's really up to
the browser to stop sending the authentication header that allowed the
initial login. This has been a problem in Zope forever, but it's
really not a limitation of Zope, but a limitation of the HTTP
protocol.
Old time zopistas have grown used to testing with two different
browsers or alternating between localhost and 127.0.0.1 to be able to
log in as manager and as ordinary users at the same time.
But we can't really blame the protocol and not do anything about the
issue. I believe the best solution would be to switch Grok itself to
use cookies and the SessionCredentialsPlugin for authentication,
allowing the manager to logout at will.
BTW, I have a related question for the gurus: why don't the admin
credentials work for initial login in a Grok app like LoginDemo, but
still they are good enough to allow me to navigate in the app and even
see a page protected by a permission? I have a functional test that
exposes this situation here:
http://svn.zope.org/grokapps/LoginDemo/src/logindemo/ftests/index.txt?rev=82534&view=markup
Regards,
Luciano
More information about the Grok-dev
mailing list