[Grok-dev] Grok UI Manager Logout

paul paul at aptrackers.com
Tue Aug 9 10:25:38 EDT 2011


On 09/08/2011 15:37, Uli Fouquet wrote:
> The problem with the mentioned approach, if I understood it correctly,
> is that it only 'logs out' someone for the mentioned view.
Miguel's approach is to challenge the browser with a 401 for a different 
realm than the one used by the manager interface.

I'm no expert on basic auth here, but I believe the browser keeps a 
site/realm/credentials table available which, if there is a match, 
allows the browser to re-use the credentials to re-authenticate whenever 
it needs to.  The act of prompting the browser to fail authentication 
appears to clear the table entry.  From what I understand, the browser 
keeps one active realm per site, and one browser instance cannot be 
authenticated with more than one realm for the same site.

Regarding implementing Miguel's browser challenge in the manager 
interface? Perhaps it's not necessarily a good idea.  It could cause 
conflict with application PAU implementations.  It's easy enough to 
implement in the app if necessary, once one knows about this approach.

Feel free to correct my scanty knowledge...

Kind regards,
Paul
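
The server side of the challenge discussed in this message, as an added example that is not part of the original post and is not Grok's own code: a plain WSGI app whose logout path always answers 401 for a realm different from the one protecting the manager area. The realm names, paths, credentials and the `request` helper are constructed assumptions.

```python
import base64
import hmac

MANAGER_REALM = "Zope"         # assumption: realm used by the protected area
LOGOUT_REALM = "logged-out"    # assumption: any realm that differs from it
USERS = {"manager": "s3cret"}  # constructed sample credentials

def credentials_ok(header):
    """Validate an 'Authorization: Basic ...' header against USERS."""
    if not header or not header.startswith("Basic "):
        return False
    try:
        decoded = base64.b64decode(header[6:]).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return False
    user, _, password = decoded.partition(":")
    expected = USERS.get(user)
    return expected is not None and hmac.compare_digest(
        expected.encode(), password.encode())

def challenge(start_response, realm, body):
    """Send a 401 asking the browser for credentials in `realm`."""
    start_response("401 Unauthorized", [
        ("WWW-Authenticate", 'Basic realm="%s"' % realm),
        ("Content-Type", "text/plain"),
    ])
    return [body]

def app(environ, start_response):
    path = environ.get("PATH_INFO", "/")
    if path == "/logout":
        # Never accept credentials here: always fail authentication, and do
        # so for a realm other than MANAGER_REALM.
        return challenge(start_response, LOGOUT_REALM, b"Logged out.\n")
    if not credentials_ok(environ.get("HTTP_AUTHORIZATION")):
        return challenge(start_response, MANAGER_REALM, b"Login required.\n")
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"Manager area.\n"]

def request(path, authorization=None):
    """Drive the app in-process; returns (status, headers as a dict)."""
    seen = {}
    def start_response(status, headers):
        seen["status"], seen["headers"] = status, dict(headers)
    environ = {"PATH_INFO": path, "REQUEST_METHOD": "GET"}
    if authorization:
        environ["HTTP_AUTHORIZATION"] = authorization
    app(environ, start_response)
    return seen["status"], seen["headers"]
```

Because the logout path rejects even valid credentials, the application controls when the challenge is issued, which keeps it out of the manager interface as the message suggests.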
