[Zope] LoginManager - logging out

[Bill Welch]

On Tue, 19 Dec 2000, Tim Cook wrote:

> Mohan Baro wrote:
> > 
> > Thanks,
> > 
> > I have tried it.
> > 
> > <dtml-raise type="Unauthorized">
> > Logout!!
> > </dtml-raise>
> > 
> > I guess it logs me out. But it also gives me a login dialog box .... it does
> > not accept any of the account. So I cannot log back in! Why?
> > 

The login dialog is the reauthentication opportunity that's your browser's
response to the 'Unauthorized' exception and that's normal. Don't know why
you can't log back in. Works for me in Navigator, IE, and Konqueror. Lynx
displayed an opportunity to reauthenticate once, and then only showed the
exception after that.

> I'm not sure WHY it won't accept your username at this point.
> BUT, it doesn't really logout you out either. If you hit the back
> button a couple of times you'll notice that you are still logged
> in.  The only way to logout using standard authentication is to
> close the browser.

Not true, depends on the browser. My tests indicate that Navigator and IE
both trash the existing good credential with the garbage one and you're
really logged out. Konqueror and lynx seem to hang on to the last
successful authentication and this method doesn't log you out.

Hitting the back button doesn't tell you anything about what credential
your browser is sending to the server. Try visiting a privileged page
after going back or look at the request that's actually being sent. Try
using this one line method (I call mine 'debug'):

<dtml-var REQUEST>

After visting yourSite/logout and trying to login as a garbage user at the
reauthentication opportunity (blanking the user name seems to work fine),
visit yourSite/debug. Check other/AUTHENTICATED_USER, Navigator and IE
show 'Anonymous User', Konqueror and lynx show the last good user.

Bill.