[Zope] Question: user homepages
Brian Lloyd
Brian@digicool.com
Wed, 14 Jul 1999 18:48:47 -0400
> But surely the management interfaces use the user folder mechanism to
> authenticate (that, and checking for the superuser account), and the
> vanilla acl_users folder doesn't use cookies for authentication.
>
> So the concept of raising Unauthorized to "log out" won't work very well
> with browsers -- if I understood the solution correctly it means you'll
> get a password dialog in your face when you hit "Logout". Not very
> elegant?
Not very elegant, but totally out of Zope's (or any other app or
web server's) control. The client applies the rules outlined in the
HTTP spec - if you send an unauthorized, you will get a password
prompt; there is no other standard (or nonstandard) way to get a
client to stop using its authentication token. If there were, it
would be a huge security hole - it would be trivial to do auth
spoofing...
Brian Lloyd brian@digicool.com
Software Engineer 540.371.6909
Digital Creations http://www.digicool.com
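
Added example, not part of the original message and not Zope's own code: a minimal WSGI app showing that a "logout" under HTTP Basic auth is only a 401 challenge, and that the same Authorization header is still accepted afterwards because the server holds no session to revoke. The names USERS, REALM, check_basic, app, request and basic, and the sample credentials, are assumptions made for the illustration.

```python
import base64
import hmac

USERS = {"alice": "s3cret"}   # constructed sample credentials
REALM = "Zope"                # assumed realm name

def check_basic(header):
    """Return the user name if the header carries valid Basic credentials."""
    if not header or not header.startswith("Basic "):
        return None
    try:
        user, _, pw = base64.b64decode(header[6:]).decode("utf-8").partition(":")
    except ValueError:  # covers bad base64 and bad UTF-8
        return None
    expected = USERS.get(user)
    if expected is not None and hmac.compare_digest(pw.encode(), expected.encode()):
        return user
    return None

def app(environ, start_response):
    user = check_basic(environ.get("HTTP_AUTHORIZATION"))
    if environ.get("PATH_INFO") == "/logout" or user is None:
        # The only lever the server has: answer 401 with a challenge.
        # The client then shows its password prompt, as the message says.
        start_response("401 Unauthorized",
                       [("WWW-Authenticate", 'Basic realm="%s"' % REALM)])
        return [b"Unauthorized"]
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [("Hello, %s" % user).encode()]

def basic(user, pw):
    """Build the Authorization value a client resends on every request."""
    return "Basic " + base64.b64encode(("%s:%s" % (user, pw)).encode()).decode()

def request(path, authorization=None):
    """Call the app the way a client would; return (status, headers, body)."""
    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": path}
    if authorization:
        environ["HTTP_AUTHORIZATION"] = authorization
    seen = {}
    def start_response(status, headers):
        seen["status"], seen["headers"] = status, dict(headers)
    body = b"".join(app(environ, start_response))
    return seen["status"], seen["headers"], body

if __name__ == "__main__":
    token = basic("alice", "s3cret")
    for path in ("/", "/logout", "/"):
        print(path, request(path, token)[0])
```

The third request succeeds because nothing on the server changed; the "logout" only takes effect if the client stops sending the header.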