[Zope-dev] Zope security alert and 2.2 information
Anthony Baxter <anthony@interlink.com.au>
Wed, 10 May 2000 23:26:50 +1000
>>> Chris Withers wrote
> The problem is HTTP Basic Authentication caching the user's details
> until it gets told they've failed authentication for that realm...
.. and even then, if they've had a previous successful auth for a
page, the browser will re-use the token. The only _real_ way to do
it properly is to pass a token to the client, and use that token to
reference their authentication information. That way, when they log
out, you destroy the authentication information on the server side.
Anthony
--
Anthony Baxter <anthony@interlink.com.au>
It's never too late to have a happy childhood.
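
The scheme described in the message above, sketched as an added example (not part of the original post and not Zope's own code): the client holds only an opaque random token, the server maps it to the authentication record, and logout deletes that record. The `SessionStore` class, its method names, the idle timeout and the choice to store only a SHA-256 digest of the token are assumptions made for illustration.

```python
import hashlib
import secrets
import time


class SessionStore:
    """Server-side session table; the client only ever holds an opaque token."""

    def __init__(self, ttl_seconds=1800, clock=time.monotonic):
        self._ttl = ttl_seconds          # assumed lifetime, not from the post
        self._clock = clock
        self._sessions = {}              # token digest -> (username, expiry)

    @staticmethod
    def _digest(token):
        # Store only a digest, so a dump of the table yields no usable tokens.
        return hashlib.sha256(token.encode("utf-8", "replace")).hexdigest()

    def login(self, username):
        """Call after the credential check succeeds; returns the client token."""
        token = secrets.token_urlsafe(32)    # 256 bits from the OS CSPRNG
        expiry = self._clock() + self._ttl
        self._sessions[self._digest(token)] = (username, expiry)
        return token

    def authenticate(self, token):
        """Return the username bound to a live token, or None."""
        key = self._digest(token)
        entry = self._sessions.get(key)
        if entry is None:
            return None                      # unknown, forged or logged out
        username, expiry = entry
        if self._clock() >= expiry:
            del self._sessions[key]          # expired: drop server-side state
            return None
        return username

    def logout(self, token):
        """Destroy the server-side record; the browser's copy becomes useless."""
        return self._sessions.pop(self._digest(token), None) is not None


if __name__ == "__main__":
    store = SessionStore()
    token = store.login("alice")             # constructed sample user
    print("before logout:", store.authenticate(token))
    store.logout(token)
    # The browser may keep re-sending the token; the server no longer knows it.
    print("after logout: ", store.authenticate(token))
```

Unlike a cached Basic Authentication credential, the token carries no reusable secret of the user's, so invalidating it on the server ends the session regardless of what the browser keeps sending.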