[Zope] Logging Out

Oleg Broytmann phd@phd.russ.ru
Tue, 19 Oct 1999 08:32:07 +0000 (GMT)


On Tue, 19 Oct 1999, Mark P. Fister wrote:
> > We are trying to figure out how to allow people to log out from our Zope
> > site.  The
> > <!--#raise Unauthorized--> tag brings up a login box, but if the user
> > clicks cancel it does not clear out the authenticated user (if the user
> > clicks "OK" and then "Cancel" it works).  Redirecting to a URL such as
> > http://anonymous:nopassword@www.server.com does not work for clearing the
> > logged in user either.
> 
> Does anyone have an explanation for this?

   Very easy. All these things do not force browsers to forget passwords.
There is no way to force a browser to forget a password in the Basic Auth scheme.

   Two solutions:

1. Redirect the user to a different URL, and protect that URL with a different
password, say "login: forget, password: xxx". Instruct the user to log in with
this password - and voila! - the browser switches to the new password.
   Pretty bad, yeah?

2. Completely avoid Basic Auth. Switch to cookies, e.g.

Oleg.
---- 
    Oleg Broytmann      Foundation for Effective Policies      phd@phd.russ.ru
           Programmers don't die, they just GOSUB without RETURN.
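
The contrast between the two schemes discussed in this message, as an added example that is not part of the original post and not Zope code: with Basic Auth the server keeps no state it could revoke, while a cookie session can be invalidated on the server and expired in the browser. The account, the cookie name `sid` and all function names are assumptions made for the illustration.

```python
import base64
import hmac
import secrets

USERS = {"mark": "s3cret"}  # constructed sample account


def _password_ok(user, password):
    expected = USERS.get(user)
    return expected is not None and hmac.compare_digest(
        expected.encode(), password.encode())


def check_basic(headers):
    """Stateless Basic Auth: any request carrying valid credentials passes.
    There is nothing on the server to delete, so there is no logout."""
    value = headers.get("Authorization", "")
    if not value.startswith("Basic "):
        return None
    try:
        user, _, password = base64.b64decode(value[6:]).decode().partition(":")
    except ValueError:  # malformed base64 or non-UTF-8 bytes
        return None
    return user if _password_ok(user, password) else None


class SessionStore:
    """Cookie sessions: the server holds the state, so it can revoke it."""

    def __init__(self):
        self._sessions = {}  # token -> user

    @staticmethod
    def _sid(cookie_header):
        for part in cookie_header.split(";"):
            name, _, value = part.strip().partition("=")
            if name == "sid":
                return value
        return None

    def login(self, user, password):
        if not _password_ok(user, password):
            return None
        token = secrets.token_urlsafe(32)  # unguessable session id
        self._sessions[token] = user
        return "sid=%s; HttpOnly; Secure; SameSite=Lax; Path=/" % token

    def check(self, cookie_header):
        return self._sessions.get(self._sid(cookie_header))

    def logout(self, cookie_header):
        self._sessions.pop(self._sid(cookie_header), None)  # revoke server-side
        return "sid=; Max-Age=0; HttpOnly; Secure; SameSite=Lax; Path=/"
```

Deleting the server-side entry is what makes the logout effective: a copy of the old cookie value replayed after `logout()` no longer maps to a user, even if the browser ignores the expiry header.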