[Zope] LoginManager problem (get access without login)?

[jmr@computing.com]

wolfgang> When I try to access a protected folder
wolfgang> I get the login site (that's ok), but
wolfgang> when I press "back" and "forward"
wolfgang> I get the protected content (e.g. index_html)

I've seen this behaviour with Internet Explorer (talking to an Apache
server).  We were completely baffled until we discovered that it was a
bug in IE.  Apparently it had cached the page from an earlier
(Authenticated) visit, and the "back-forward" confused IE enough that
it was willing to give up the cached version even though this visit
wasn't authenticated.

Try clearing your IE cache and see if you can make it happen; I bet
you can't...  I believe it's completely unrelated to LoginManager or
even to Zope.

Jim Rowan
DCSI
jmr@computing.com