[Zope-dev] De-Authentication / Logout
Oleg Broytmann
phd@sun.med.ru
Sat, 13 Mar 1999 14:06:39 +0300 (MSK)
On 13 Mar 1999, Andrew Snare wrote:
> >>>>> "Roger" == Roger Espinosa <roger@umich.edu> writes:
>
> Roger> At 4:40 PM -0500 3/12/99, Jason Spisak wrote:
> >> Zope-misters
> >>
> >> Is there a setUser type method for AUTHENTICATED_USER? I have
> >> tried everything, and there isn't any docs. I am trying to have
> >> a user logout without having to quit Netscape. Any thoughts? --
>
> Roger> It's always been my impression that unless Zope can be fitted
> Roger> with a cookie-based-authentication system (vs. the current
> Roger> basic-auth), there's *no* way to force a "logout" because of
> Roger> the way the *browsers* handle basic-auth.
>
> Generally, the workaround/kludge is to change the authentication realm
> to something different, since most browsers seem to only remember
> authentication information for the most recent authentication realm
> (if I recall correctly).
For browsers that store passwords by realms (I believe M$ IS 4+ does
this way), it is neccessary to force browser to forget password by asking
different password for the same realm. I know some sites on the Net really
do logout this way. (One of my projects is among them).
> - Andrew
> --
> #!/usr/bin/env python
> print(lambda s:s+"("+`s`+")")\
> ('#!/usr/bin/env python\012print(lambda s:s+"("+`s`+")")\\\012')
> print(lambda x:x%`x`)('print(lambda x:x%%`x`)(%s)')
Oleg.
----
Oleg Broytmann National Research Surgery Centre http://sun.med.ru/~phd/
Programmers don't die, they just GOSUB without RETURN.