[Zope] Is Logout actually impossible? (ExUserFolder)

Crosbie Fitch crosbie@cyberspaceengineers.org
Mon, 17 Mar 2003 22:04:46 -0000


Is it just me, or is logout actually impossible?

Once you're authenticated with ExUserFolder (on a subfolder), it seems near
as dammit impossible to become un-authenticated - I've tried quite a few
permutations (standard authentication & cookie based).

This doesn't work:
<div tal:define="dummy python:here.acl_users.logout(request)" />

Nor does this:
<div tal:define="dummy python:request['RESPONSE'].expireCookie('__ac',path='/')"/>

NB What should 'path' be here?

Sure, you can redirect to a folder above the XUF acl_users, e.g. to the
root:
<div tal:define="dummy python:request.response.redirect('/loggedout')" />
but that doesn't stop the user going back to where they were and remaining
authenticated.

I've read in some places that it's all IE's fault, for not destroying the
session info, but I'm using the latest version of IE, so that seems strange.

Do PHP users have this problem too, or is it just Zope?

I can get registration and login working just fine. It's just logout that's
tricky.
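
On the `path` question above, as an added example that is not part of the original post and not ExUserFolder code: a minimal Python model of a browser cookie store, showing that an expiring `Set-Cookie` removes a cookie only when its name and path both match the stored one. The `/members` folder, the cookie values and the helper names (`BrowserJar`, `logout_attempt`) are assumptions; the post does not say which path the `__ac` cookie was set with.

```python
from http.cookies import SimpleCookie

def path_matches(request_path, cookie_path):
    """RFC 6265 section 5.1.4 path-match."""
    if request_path == cookie_path:
        return True
    if request_path.startswith(cookie_path):
        return cookie_path.endswith("/") or request_path[len(cookie_path)] == "/"
    return False

class BrowserJar:
    """Minimal browser cookie store. Cookies are keyed by (name, path);
    the domain part of the key is left out because one host is modelled."""

    def __init__(self):
        self.cookies = {}

    def receive(self, set_cookie_header):
        parsed = SimpleCookie()
        parsed.load(set_cookie_header)
        for name, morsel in parsed.items():
            # Simplification: a missing Path is treated as "/".
            key = (name, morsel["path"] or "/")
            if morsel["max-age"] == "0":
                # Expiry removes only the entry with the same name AND path.
                self.cookies.pop(key, None)
            else:
                self.cookies[key] = morsel.value

    def sent_with(self, request_path):
        """Cookies the browser would attach to a request for request_path."""
        return {n: v for (n, p), v in self.cookies.items()
                if path_matches(request_path, p)}

def logout_attempt(login_path, expire_path, request_path="/members/index_html"):
    """Log in, try to expire the cookie, return what is still sent afterwards."""
    jar = BrowserJar()
    jar.receive(f"__ac=SAMPLE; Path={login_path}")               # constructed login
    jar.receive(f"__ac=deleted; Path={expire_path}; Max-Age=0")  # constructed expiry
    return jar.sent_with(request_path)

if __name__ == "__main__":
    for login, expire in [("/members", "/"), ("/members", "/members"), ("/", "/")]:
        print(login, expire, logout_attempt(login, expire))
```

With the login cookie on `/members` and the expiry sent for `/`, the cookie is still attached to later requests; the two combinations where the paths match clear it.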