[Zope] keeping track of logged in users
Chris Withers
chrisw@nipltd.com
Thu, 08 Aug 2002 08:24:02 +0100
Bo M. Maryniuck wrote:
> On Wednesday 07 August 2002 12:30, Jo Meder wrote:
>
>>Voila: seems like you never logged out. The only method to reliably "log
>>out" that I know of is to shut down your browser completely.
>
>
> There is *NO* way to log out completely with standard a12n.
Yeah there is. This happens when the browser stops sending authorisation
headers. Now, 99% of browsers out there will stop sending authorization headers
if they receive a 401 for those authorisation headers, so the ZMI way of logging
out can be quite reliable.
> Only if you use
> cookie-based Login Manager, where you can make old valid cookie or so. Also
> cookie-less AFAIK, but I've never used it yet.
huh? Sorry, that paragraph lost something in the translation :-S
I'd personally use the CookieCrumbler product if I wanted to add cookie
authentication to a site. I wonder if someone could come up with somethign
similar that would stroe the session in the URL instead of in a cookie?
cheers,
Chris