[Zope] CookieCrumbler question

Thibaud Morel l'Horset teebes at gmail.com
Thu Mar 12 10:48:51 EDT 2009


There is no problem here per se. When you're logged in to the ZMI, your
browser is authenticated using BASIC_AUTH. What cookiecrumbler does is allow
you to log in via cookies instead. But if you're logged in via a BASIC_AUTH
user (which your manager user is), then CC can't log that user out since
that session is not cookie-based. The visitors to your site won't have this
problem since they won't be logged in to ZMI.

Your best bet is simply to create a test user and use a different browser
for your testing. For example user Firefox to be logged in to ZMI and use IE
or Safari to be logged in as a test user to test the CC behavior. That's
what I do...

- Thibaud

On Thu, Mar 12, 2009 at 10:31 AM, Dvir Bar-lev <dvir.b at puresight.com> wrote:

>  My cookiecrumbler is indeed in a subfolder, is that the cause than?
>
>
>
> My zmi looks like this:
>
>
>
> Root folder
>
>       Dvir folder – CookieCrumbler, log in forms, user folder
>
>
>
> If that is the cause what do I need to do to make sure when I log out the
> username returns to anonymus user than?
>
> I searched the web but couldn’t find any way to do it
>
>
>
> *From:* Thibaud Morel l'Horset [mailto:teebes at gmail.com]
> *Sent:* Thursday, March 12, 2009 4:29 PM
> *To:* Dvir Bar-lev
> *Cc:* zope at zope.org
> *Subject:* Re: [Zope] CookieCrumbler question
>
>
>
> Is your cookiecrumbler installed at the root of your site? or in a
> subfolder? If you're logged in to the ZMI in the root of your zope site and
> execute a CookieCrumbler logout in a subdirectory, you will still be logged
> in because you're using your manager user (if memory serves me well though
> CC actually warns you of this if you try to logout while logged in to
> ZMI...)
>
> - Thibaud
>
> On Thu, Mar 12, 2009 at 6:55 AM, Dvir Bar-lev <dvir.b at puresight.com>
> wrote:
>
> Hi
>
>
>
> I used the CookieCrumbler plugin the make a log in.
>
> I added the CookeCrumbler(standalone> from the ZMI , and now I have a log
> in form that acts oka but I want logout the user, so what I did was call the
> logout function of cookiecrumbler like this:
>
>
>
> <dtml-call expr=”logout()”>
>
>
>
> And that does bring me to the logged_out dtml but if I push the back button
> and return to the logged_in and press the refresh button I still get the
> result as if the  user is till logged in.
>
>
>
> Do I have to do anything else besides calling the logout function to make
> sure that the user is now back ti anonymus status?
>
>
> _______________________________________________
> Zope maillist  -  Zope at zope.org
> http://mail.zope.org/mailman/listinfo/zope
> **   No cross posts or HTML encoding!  **
> (Related lists -
>  http://mail.zope.org/mailman/listinfo/zope-announce
>  http://mail.zope.org/mailman/listinfo/zope-dev )
>
>
>
> _______________________________________________
> Zope maillist  -  Zope at zope.org
> http://mail.zope.org/mailman/listinfo/zope
> **   No cross posts or HTML encoding!  **
> (Related lists -
>  http://mail.zope.org/mailman/listinfo/zope-announce
>  http://mail.zope.org/mailman/listinfo/zope-dev )
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.zope.org/pipermail/zope/attachments/20090312/89f1fa5a/attachment.html 


More information about the Zope mailing list