[Zope] Revoking authentication (or: logging out)?

Jonathan Corbet corbet@eklektix.com
Wed, 16 Jun 1999 18:28:58 -0600


I'm working on a system to make medical records available via a web
interface.  It needs to make different levels of access available to
different sorts of people (doctors, nurses, clerical staff) - a perfect
match for Zope's roles.

But I've encountered one rub: the web browser will be running on PC's
sitting in various spots in the clinic's offices: the doctor's office, work
areas, even examination rooms.  There will be a different person sitting
down at it every few minutes.  But, with "Basic" authentication, once the
web browser has your username/password in its clutches, it never lets go.

We're dealing with medical records here, so it is a poor idea to leave a
"logged in" browser sitting around in a public place.  What I am looking
for is a way to put in a "log out" option that stops short of killing and
restarting the browser.  Has anybody else figured out a way to do this?

Thanks,

jon

Jonathan Corbet, Eklektix, Inc.
corbet@eklektix.com