[Zope] RE: [Zope-dev] De-Authentication / Logout
Rob Page
rob.page@digicool.com
Sat, 13 Mar 1999 09:03:45 -0500
> It's always been my impression that unless Zope can be fitted with a
> cookie-based-authentication system (vs. the current
> basic-auth), there's
> *no* way to force a "logout" because of the way the *browsers* handle
> basic-auth.
Recent notes about Lynx notwithstanding, I agree. It's extremely
frustrating when debugging the security of an app! Zope _CAN_ use a
cookie-based authentication scheme with the UserDB product. UserDB uses
Database Adapter (e.g., Oracle) to connect to a store of user info
(e.g., userid and password).
I can imagine some motivated community member taking a look at the
current incarnation of UserFolder and UserDB and cookie-ifying the
UserFolder.
--Rob