[Zope] Logout question

Michel Pelletier michel@digicool.com
Tue, 16 Nov 1999 11:51:03 -0500

> -----Original Message-----
> From: Daniel G. Rusch [mailto:drusch@globalcrossing.com]
> Sent: Tuesday, November 16, 1999 11:30 AM
> To: zope@zope.org
> Subject: [Zope] Logout question
> Hey all,
> I went to the Zope site at http://www.zope.org/logout.html/view_source
> and this is the source that the Zope site uses to log members out: 
> <!--#call "REQUEST['RESPONSE'].expireCookie('__ac', path='/')"-->
> <!--#call "REQUEST['RESPONSE'].redirect('logged_out')"-->
> When I execute the same source on my site, I don't get any errors and
> the user is redirected to the the logged_out page, but they are not
> "de-authenticated". In other words, unlike the Zope site, they can hit
> the back button and continue on their merry way.
> Any thoughts?

I suspect you're not using cookie auth, which the zope site does.  If
you're using straight up HTTP basic auth, you can log your users out

<dtml-raise Unauthorized>
  Go away!