[Zope] Strange CookieCrumbler problem
Shane Hathaway
shane@zope.com
Mon, 17 Sep 2001 14:40:49 -0400
Ron Bickers wrote:
>>-----Original Message-----
>>From: Shane Hathaway [mailto:shane@zope.com]
>>
>
>>manage_zmi_logout just uses a method that usually works. If your
>>browser doesn't do what you expect when it comes to logging out using
>>HTTP AUTH, well... join the club. ;-)
>>
>
>I'm not sure I follow. The problem doesn't actually occur when I logout,
>but rather when I try to login. Shouldn't CookieCrumbler behave the same
>when I try to access a protected document after a failed login attempt as it
>does the first time I try to access it?
>
Hmm, I see what you're saying now. It sets the cookie regardless of
whether the name and password are valid. It should either not set the
cookie, expire the cookie, or behave differently when cookie login was
used but authentication failed. I'll look into it soon.
Shane