[Zope] Log Out Problems With Cookie Authentication (&LDAPUserFolder)

Riggs, David driggs@asset.com
Wed, 19 Jun 2002 14:57:47 -0400


Changed my 'Log Out' link to look like this:

<dtml-call "REQUEST.set('form_action','/ewing/acl_users/logout')">
<A HREF=3D"&dtml-form_action;" TARGET=3D"_top">Log Out</A>

Which when rendered (according to view/source) comes out as:

<A HREF=3D"/ewing/acl_users/logout" TARGET=3D"_top">Log Out</A>

...but the result is still the same, I'm not logged out. This
looks like a simple variable replacement, I shouldn't need to
POST a form to the logout script should I?

> -----Original Message-----
> From: Aseem Mohanty [mailto:aseem@neurobehavioralsystems.com]=20
> Sent: Wednesday, June 19, 2002 2:32 AM
> To: Riggs, David
> Cc: zope@zope.org
> Subject: Re: [Zope] Log Out Problems With Cookie=20
> Authentication (&LDAPUserFolder)
>=20
>=20
> try this:
>=20
> <dtml-call "REQUEST.set ('form_action',=20
> '/test2/acl_users/user_logout')"> <a class=3D"menu_link"=20
> href=3D"&dtml-form_action;">LOGOUT</a><br>
>=20
> what you wrote didnt work for me either so I kinda copied the=20
> form way=20
> of doing it.
> Quite frankly I dont know why this works and the other=20
> doesnt... but if=20
> anybody knows I would be grateful for the explanation..
>=20
> AM
>=20
> Riggs, David wrote:
>=20
> >Hi all,
> >
> >I'm using Zope 2.5.1 under Win2k, and authenticating users
> >via the LDAPUserFolder (1.5beta1) with cookie based
> >authentication. I've got a logout link that looks like this:
> >
> ><a href=3D"/mysite/acl_users/logout">Log Out</a>
> >
> >Where the acl_users object is my LDAPUserFolder, and the=20
> logout object=20
> >is a custom form I've placed in it that looks like this:
> >
> ><dtml-call expr=3D"RESPONSE.expireCookie('__ac',path=3D'/')">
> ><dtml-call expr=3D"SESSION.invalidate()">
> ><dtml-call expr=3D"RESPONSE.redirect('/mysite/index_html')">
> >
> >The redirect works, but what I expect to happen is that
> >the user should be presented with the login form, instead
> >they are presented with index_html and are most definitely
> >not logged out (user Anonymous does not have 'view'
> >permissions while Authenticated does). In fact, I can't
> >seem to kill the session without closing down the browser
> >entirely.
> >
> >Could anyone give me any pointers to using cookie based=20
> authentication,=20
> >or let me know what I'm doing wrong in this case?
> >
> >Thanks!
> >
> >David A. Riggs
> >Science Applications International Corporation - SAIC
> > (304)284-9000x201                  driggs@asset.com
> >
> --=20
> =
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
>  Aseem Mohanty					=09
> 	  =20
>  Neurobehavioral Systems Inc, 828 San Pablo Ave, Albany, CA 94706=20
>  (R) 510 7696011 (M) 510 3014871 (O) 510 5279231		  =09
> =
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D
--=20
David A. Riggs
Science Applications International Corporation - SAIC
 (304)284-9000x201                  driggs@asset.com