[Zope] keeping track of logged in users

[Chris Withers]

Bo M. Maryniuck wrote:
> On Wednesday 07 August 2002 12:30, Jo Meder wrote:
> 
>>Voila: seems like you never logged out. The only method to reliably "log
>>out" that I know of is to shut down your browser completely.
> 
> 
> There is *NO* way to log out completely with standard a12n. 

Yeah there is. This happens when the browser stops sending authorisation 
headers. Now, 99% of browsers out there will stop sending authorization headers 
if they receive a 401 for those authorisation headers, so the ZMI way of logging 
out can be quite reliable.

> Only if you use 
> cookie-based Login Manager, where you can make old valid cookie or so. Also 
> cookie-less AFAIK, but I've never used it yet.

huh? Sorry, that paragraph lost something in the translation :-S

I'd personally use the CookieCrumbler product if I wanted to add cookie 
authentication to a site. I wonder if someone could come up with somethign 
similar that would stroe the session in the URL instead of in a cookie?

cheers,

Chris