[Zope-dev] De-Authentication / Logout

Oleg Broytmann phd@sun.med.ru
Sat, 13 Mar 1999 14:06:39 +0300 (MSK)


On 13 Mar 1999, Andrew Snare wrote:

> >>>>> "Roger" == Roger Espinosa <roger@umich.edu> writes:
> 
>   Roger> At 4:40 PM -0500 3/12/99, Jason Spisak wrote:
>   >> Zope-misters
>   >> 
>   >> Is there a setUser type method for AUTHENTICATED_USER? I have
>   >> tried everything, and there isn't any docs.  I am trying to have
>   >> a user logout without having to quit Netscape.  Any thoughts?  --
> 
>   Roger> It's always been my impression that unless Zope can be fitted
>   Roger> with a cookie-based-authentication system (vs. the current
>   Roger> basic-auth), there's *no* way to force a "logout" because of
>   Roger> the way the *browsers* handle basic-auth.
> 
> Generally, the workaround/kludge is to change the authentication realm
> to something different, since most browsers seem to only remember
> authentication information for the most recent authentication realm
> (if I recall correctly).

   For browsers that store passwords by realms (I believe M$ IS 4+ does
this way), it is neccessary to force browser to forget password by asking
different password for the same realm. I know some sites on the Net really
do logout this way. (One of my projects is among them).

>  - Andrew
> -- 
> #!/usr/bin/env python
> print(lambda s:s+"("+`s`+")")\
> ('#!/usr/bin/env python\012print(lambda s:s+"("+`s`+")")\\\012')
> print(lambda x:x%`x`)('print(lambda x:x%%`x`)(%s)')

Oleg.
---- 
    Oleg Broytmann  National Research Surgery Centre  http://sun.med.ru/~phd/
           Programmers don't die, they just GOSUB without RETURN.