[Grok-dev] Grok UI Manager Logout
paul at aptrackers.com
Tue Aug 9 10:25:38 EDT 2011

On 09/08/2011 15:37, Uli Fouquet wrote:
> The problem with the mentioned approach, if I understood it correctly,
> is that it only 'logs out' someone for the mentioned view.

Miguel's approach is to challenge the browser with a 401 for a different
realm than the one used by the manager interface.

I'm no expert on basic auth here, but I believe the browser keeps a
site/realm/credentials table available which, if there is a match,
allows the browser to re-use the credentials to re-authenticate whenever
it needs to. The act of prompting the browser to fail authentication
appears to clear the table entry. From what I understand, the browser
keeps one active realm per site, and one browser instance cannot be
authenticated with more than one realm for the same site.

Regarding implementing Miguel's browser challenge in the manager
interface? Perhaps it's not necessarily a good idea. It could cause
conflict with application PAU implementations. It's easy enough to
implement in the app if necessary - once one knows about this approach.

Feel free to correct my scanty knowledge...
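
The server side of the approach discussed in this message, as a minimal WSGI sketch; it is an added example, not part of the original post and not Grok or Zope code. The realm names, the `/logout` path and the demo account are assumptions made for illustration.

```python
import base64
import hmac

# Assumptions for this sketch: realm names, paths and the demo account.
MANAGER_REALM = "Zope"        # hypothetical realm used by the protected views
LOGOUT_REALM = "logged-out"   # any realm that differs from MANAGER_REALM
USERS = {"manager": "constructed-password"}  # constructed demo credentials


def challenge(start_response, realm, body):
    """Send a 401 asking the browser for Basic credentials in `realm`."""
    start_response("401 Unauthorized", [
        ("WWW-Authenticate", 'Basic realm="%s"' % realm),
        ("Content-Type", "text/plain"),
        ("Cache-Control", "no-store"),  # keep the logout response uncached
    ])
    return [body]


def credentials_ok(environ):
    """Validate the Authorization header against the demo user table."""
    scheme, _, token = environ.get("HTTP_AUTHORIZATION", "").partition(" ")
    if scheme.lower() != "basic":
        return False
    try:
        decoded = base64.b64decode(token).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return False  # malformed header is treated as unauthenticated
    user, _, password = decoded.partition(":")
    expected = USERS.get(user)
    if expected is None:
        return False
    return hmac.compare_digest(expected.encode(), password.encode())


def app(environ, start_response):
    path = environ.get("PATH_INFO", "/")
    if path == "/logout":
        # Fail authentication on purpose, even for valid credentials,
        # and name a realm other than the one the protected views use.
        return challenge(start_response, LOGOUT_REALM, b"Logged out.\n")
    if not credentials_ok(environ):
        return challenge(start_response, MANAGER_REALM, b"Login required.\n")
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"Manager view.\n"]
```

Whether the browser then discards its stored credentials depends on the client, as the message says; the server can only issue the challenge.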