[Zope-CMF] Login/logout information
Tres Seaver
tseaver@digicool.com
Tue, 10 Apr 2001 18:55:43 -0400
Ben Riga wrote:

> It seems like the CMF and/or Zope log me off whenever I shut down
> my browser. Is there any way to prevent that? In other words,
> don't log me out (ever) unless I explicitly log out.

Assuming you are using the cookie-based authentication provided
by default, yes, it is possible, but creates a security issue if
any of your users ever log in from a "shared" machine (library,
internet cafe, etc.).

You would need to tweak / override
'CMFCore.CookieCrumbler.CookieCrumbler.setAuthCookie' such that
it appends 'expires="Never"' to the call to 'resp.setCookie'
(line 153).

Because of the security issue, I *won't* accept a patch to add
this behavior, even as an option, to the CookieCrumbler
distributed with the CMF.

Tres.
--
===============================================================
Tres Seaver tseaver@digicool.com
Digital Creations "Zope Dealers" http://www.zope.org
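
An added example, not part of the original message or of the CMF code: a small Python audit that classifies Set-Cookie headers for the auth cookie as session-only or persistent, which is the distinction the reply above turns on. The cookie name '__ac', the 12-hour limit, the fixed clock, and the sample headers are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime

AUTH_COOKIE = "__ac"                # assumed name of the auth cookie
MAX_LIFETIME = timedelta(hours=12)  # assumed site policy for persistent logins
NOW = datetime(2001, 4, 10, 22, 55, 43, tzinfo=timezone.utc)  # fixed clock

# Constructed sample headers (not captured from a real site).
SAMPLE_HEADERS = [
    '__ac="Y29uc3RydWN0ZWQ="; Path=/',
    '__ac="Y29uc3RydWN0ZWQ="; Path=/; Expires=Fri, 31 Dec 2038 23:59:59 GMT',
    '__ac="Y29uc3RydWN0ZWQ="; Path=/; Max-Age=3600',
    'theme=dark; Path=/; Expires=Fri, 31 Dec 2038 23:59:59 GMT',
]

def cookie_lifetime(set_cookie, now):
    """Return (name, lifetime); lifetime is None for a session cookie."""
    parts = [p.strip() for p in set_cookie.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {}
    for part in parts[1:]:
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip().strip('"')
    if "max-age" in attrs:  # Max-Age takes precedence over Expires
        return name, timedelta(seconds=int(attrs["max-age"]))
    if "expires" in attrs:
        when = parsedate_to_datetime(attrs["expires"])
        if when.tzinfo is None:  # treat a zone-less date as UTC
            when = when.replace(tzinfo=timezone.utc)
        return name, when - now
    return name, None

def audit(headers, now=NOW):
    """Classify every auth-cookie header; other cookies are skipped."""
    verdicts = []
    for header in headers:
        try:
            name, lifetime = cookie_lifetime(header, now)
        except (ValueError, TypeError):
            verdicts.append("unparseable-expiry")  # needs manual review
            continue
        if name != AUTH_COOKIE:
            continue
        if lifetime is None:
            verdicts.append("session-only")  # dropped when the browser closes
        elif lifetime > MAX_LIFETIME:
            verdicts.append("persistent-too-long")  # survives on a shared machine
        else:
            verdicts.append("persistent-bounded")
    return verdicts

if __name__ == "__main__":
    print(audit(SAMPLE_HEADERS))
```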