[Zope] Logging out a user (in code)
Dieter Maurer
dieter@handshake.de
Mon, 9 Jul 2001 23:35:36 +0200 (CEST)
Christian Theune writes:
> On Sun, Jul 08, 2001 at 11:50:42PM +0200, Dieter Maurer wrote:
> [...]
> > With cookie based authentication, you simply kill the cookie.
> [...]
>
> Really? Just think, what happens if the user manually copies its
> cookie and stores it back on the browser?
>
> You have to tell the server to forget that this cookie is
> authorized ... ?
Yes, if you want to be sure...
And your cookie is some hash value and not a direct encoding
of user name and password.
Dieter
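
The server-side "forgetting" discussed in this exchange, as an added example (not part of the original message and not Zope's own code). It assumes a random opaque token in place of the hash value mentioned above; the server stores only the token's SHA-256 digest, and logout deletes that entry so a saved copy of the cookie stops working. SessionStore and replay_after_logout are hypothetical names.

```python
import hashlib
import secrets
import time


class SessionStore:
    """Hypothetical in-memory session table (illustration, not a Zope API)."""

    def __init__(self, ttl_seconds=1800):
        self._ttl = ttl_seconds
        self._sessions = {}  # sha256(token) -> (username, expires_at)

    @staticmethod
    def _key(token):
        # Keep only a digest so a leaked table does not yield usable cookies.
        return hashlib.sha256(token.encode("utf-8")).hexdigest()

    def login(self, username, now=None):
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)  # opaque: no user name or password inside
        self._sessions[self._key(token)] = (username, now + self._ttl)
        return token  # this value goes into the cookie

    def authenticate(self, token, now=None):
        now = time.time() if now is None else now
        key = self._key(token)
        entry = self._sessions.get(key)
        if entry is None:
            return None  # unknown or already revoked
        username, expires_at = entry
        if now >= expires_at:
            del self._sessions[key]  # expired sessions are forgotten too
            return None
        return username

    def logout(self, token):
        # The server forgets the cookie; clearing it in the browser is not enough.
        return self._sessions.pop(self._key(token), None) is not None


def replay_after_logout():
    store = SessionStore()
    cookie = store.login("alice")   # constructed sample user
    saved_copy = cookie             # user keeps a manual copy of the cookie value
    before = store.authenticate(saved_copy)
    store.logout(cookie)
    after = store.authenticate(saved_copy)  # copy restored into the browser
    return before, after
```
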