[Zope] logging out of ZMI
Christian Theune
ct@gocept.com
Fri, 1 Mar 2002 08:22:16 +0100
--3MwIy2ne0vdjdPXF
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
Hi Tom.
This is a generic problem with HTTP Basic Auth.
1) There is no real thing like "logout".
2) On every page your browser sends your authentication information (creden=
tials) to the server
if the server requests them.
3) You need to convince your browser not to do so anymore if you want to lo=
g out.
Now we have some choices:
- The browser could provide a function to cancel given HTTP Basic AUTH =
credentials
- The browser could forget them on a new send AUTH request (some browse=
rs do so i think)
- The browser could forget them when you provide new credentials (this =
is what the most browsers do i think), which requires you to enter some inv=
alid user data
But at least the "logout" would be done if you close the browser. So whats =
the conclusion?
Don't rely on HTTP Basic AUTH for logout, because it will break your neck i=
f you don't watch.
(Isn't that a thing for Zope 2.6??? We could think about cookie using stand=
ard userfolder
with some nice login page and a fast "switch user" function or something li=
ke that ...=20
Hope that helps.
Christian
On Fri, Mar 01, 2002 at 06:04:10PM +1000, Tom Cameron wrote:
> This may be an old question, but I still don't understand what is happeni=
ng.
>=20
> I have used almost every version of Zope from about 2.1.6 to 2.5.0 and in
> every case when I try to logout of the ZMI it just does not log me out.
>=20
> an extract from the Zope Book says...
>=20
> http://www.zope.org/Members/michel/ZB/UsingZope.dtml
> "To logout select Logout from the top frame of the management interface a=
nd
> cancel the new login. You should see a message telling you that you are
> logged out. If you try to access the Zope management interface after you =
are
> logged out, you'll be prompted to log in again. You can also logout of Zo=
pe
> by quitting your web browser."
>=20
> But this is not the case. When I select Logout from the top frame it does
> give me the new login dialog, but no matter what I choose from there on, I
> am still logged in and can browse and access all the zope objects.
>=20
> I just cant figure it out - the only method that logs me out is quitting =
all
> my browser window, which is a real pain.
>=20
> What am I doing wrong?
>=20
> Tom
>=20
>=20
> _______________________________________________
> Zope maillist - Zope@zope.org
> http://lists.zope.org/mailman/listinfo/zope
> ** No cross posts or HTML encoding! **
> (Related lists -=20
> http://lists.zope.org/mailman/listinfo/zope-announce
> http://lists.zope.org/mailman/listinfo/zope-dev )
--=20
Christian Theune - ct@gocept.com
gocept gmbh & co.kg - schalaunische strasse 6 - 06366 koethen/anhalt
tel.+49 3496 3099112 - fax.+49 3496 3099118 mob. - 0178 48 33 981
reduce(lambda x,y:x+y,[chr(ord(x)^42) for x in 'zS^BED\nX_FOY\x0b'])
--3MwIy2ne0vdjdPXF
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE8fywodUt9X/gknwIRAsCUAKCGFc4MVn7TI4zDj+XRy8sUkn1edQCcDcrF
uaHaMS5VbGqHDNvtI1DtQ5w=
=COhG
-----END PGP SIGNATURE-----
--3MwIy2ne0vdjdPXF--