[Zope] RE: [Zope-dev] De-Authentication / Logout

[Rob Page]

>  It's always been my impression that unless Zope can be fitted with a
>  cookie-based-authentication system (vs. the current 
>  basic-auth), there's
>  *no* way to force a "logout" because of the way the *browsers* handle
>  basic-auth.

Recent notes about Lynx notwithstanding, I agree.  It's extremely
frustrating when debugging the security of an app!  Zope _CAN_ use a
cookie-based authentication scheme with the UserDB product.  UserDB uses
Database Adapter (e.g., Oracle) to connect to a store of user info
(e.g., userid and password).

I can imagine some motivated community member taking a look at the
current incarnation of UserFolder and UserDB and cookie-ifying the
UserFolder.

--Rob