[Grok-dev] Grok UI Manager Logout
Uli Fouquet
uli at gnufix.de
Tue Aug 9 09:37:25 EDT 2011
Hi there,
Sebastian Ware wrote:
> Maybe someone could implement this in the Grok Admin UI?
I personally won't and I hope nobody else will do.
The problem with the mentioned approach, if I understood it correctly,
is that it only 'logs out' someone for the mentioned view. The 'logout'
is artificially triggered bypassing the authentication system and won't
work for other pages unless they each do the same thing. 'Bypassing'
here means: it triggers Unauthenticated although the underlying
authentication system won't do that.
So for me, unfortunately, Miguels approach does not work like a charm
(but I might have misunderstood something while translating it into
'grokkish').
Instead, I think, the browser will happily continue to send the
credentials with requests to other pages in the same realm. The whole
authentication system does not make much sense under that circumstances
any more. So, if we would have that sort of 'logout' in the admin UI
(and each page of the admin UI) a manager user, once logged in, would
still be authenticated in some third-party app, even if the user clicked
logout there. Please correct me if I'm wrong but this would bring even
more confusion into the authentication story.
It is, BTW, true that we had some logout button in admin UI some years
ago but at that time we also had the admin UI implementing an own
(session/cookie-based, not: basic-auth) authentication. You could enter
the credentials via a login page. This was generally considered a bad
approach (it could confuse apps implementing an own authentication, was
not compatible with more extreme use-cases like ZODB-less usage, etc.)
so we removed this authentication and went back to basic-auth.
I am also pretty sure that dolmen has something to offer to ease these
pretty common tasks.
Best regards,
--
Uli
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Dies ist ein digital signierter Nachrichtenteil
Url : http://mail.zope.org/pipermail/grok-dev/attachments/20110809/85bbe060/attachment.bin
More information about the Grok-dev
mailing list