[Zope] Logout question
Michel Pelletier
michel@digicool.com
Tue, 16 Nov 1999 11:51:03 -0500
> -----Original Message-----
> From: Daniel G. Rusch [mailto:drusch@globalcrossing.com]
> Sent: Tuesday, November 16, 1999 11:30 AM
> To: zope@zope.org
> Subject: [Zope] Logout question
>
>
> Hey all,
>
> I went to the Zope site at http://www.zope.org/logout.html/view_source
> and this is the source that the Zope site uses to log members out:
>
> <!--#call "REQUEST['RESPONSE'].expireCookie('__ac', path='/')"-->
> <!--#call "REQUEST['RESPONSE'].redirect('logged_out')"-->
>
> When I execute the same source on my site, I don't get any errors and
> the user is redirected to the the logged_out page, but they are not
> "de-authenticated". In other words, unlike the Zope site, they can hit
> the back button and continue on their merry way.
>
> Any thoughts?
I suspect you're not using cookie auth, which the zope site does. If
you're using straight up HTTP basic auth, you can log your users out
with:
<dtml-raise Unauthorized>
Go away!
</dtml-raise>
-Michel