[Zope] Zope Logout

entheos@entheossoft.com entheos@entheossoft.com
Thu, 31 Jan 2002 17:04:24 -0500


Looking at the source for manage_zmi_logout might help you.  This is extracted from Zope/lib/python/App/Management.py:

    def manage_zmi_logout(self, REQUEST, RESPONSE):
        """Logout current user"""
        p = getattr(REQUEST, '_logout_path', None)
        if p is not None:
            return apply(self.restrictedTraverse(p))

        realm=RESPONSE.realm
        RESPONSE.setStatus(401)
        RESPONSE.setHeader('WWW-Authenticate', 'basic realm="%s"' % realm, 1)
        RESPONSE.setBody("""<html>
<head><title>Logout</title></head>
<body>
<p>
You have been logged out.
</p>
</body>
</html>""")
        return
 
Basically, it sets the header requiring authorization and does nothing with it.  This way, the browser (hopefully) decides it doesn't need to store any more authentication information.  It generally doesn't work that way, though.

Troy

> Todd, thank you for your reply.  Unfortunately, my host is running Zope
> 2.3 on top of python 1.5.2 and thus will not support ExUserFolder.
> Cookie User Folder may work, but I would at least like to hear from
> others who have attempted to get around this problem.  I'm particularly
> curious to know why the try/finally scheme didn't work.
> 
> I did notice something strange.  When I navigate to my dtml document
> that has the logout code, I am presented with the http authentication
> dialog.  However, providing my credentials still yields the Unauthorized
> error message.
> 
> Has anyone been able to log out of a session using the standard user
> folder without displaying the error message???
> 
> Thanks so much,
> Keith
> 
> 
> -----Original Message-----
> From:	Todd Graham
> Sent:	Wed 1/30/2002 8:27 PM
> To:	Keith Alperin; zope@zope.org
> Cc:
> Subject:	Re: [Zope] Zope Logout
> 
> Take a look on Zope.org for Cookie User Folder, or ExUserFolder; these
> products give you more flexibility when handling authentication.
> 
> Hope this helps,
> 
> T
> 
> ----- Original Message -----
> From: Keith Alperin <KAlperin@ignitesports.com>
> To: <zope@zope.org>
> Sent: Wednesday, January 30, 2002 12:33 PM
> Subject: [Zope] Zope Logout
> 
> 
> Greetings Zopistas!
> 
> I'm currently working on a site where I have one requirement left to
> fulfill before I can release.  I need to be able to allow users to
> logout and sign in as someone else.  After doing some research I came up
> with some DTML that looks like this (I don't have the code in front of
> me, but it's pretty similar):
> 
> <dtml-raise Unauthorized>
> You are not authorized
> </dtml-raise>
> 
> This does log the person out, but also generates a pretty ugly error
> message.  If possible, I'd like to use a redirect.  However, this still
> raised the Unauthorized error:
> 
> <dtml-raise Unauthorized>
> <dtml-var expr="RESPONSE.redirect('/')">
> </dtml-raise>
> 
> Finally, I tried a try/finally block which still errored out:
> 
> <dtml-try>
> <dtml-raise Unauthorized>
> You are not authorized
> </dtml-raise>
> <dtml-finally>
> <dtml-var expr="RESPONSE.redirect('/')">
> </dtml-try>
> 
> Any advice that anyone can provide would be MOST appreciated.
> 
> Thanks so much!
> 
> Keith R. Alperin
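
The following is an added example, not part of the original thread or of Zope's code. It shows why the 401-challenge logout quoted above is only a hint to the browser: with HTTP Basic authentication the server holds no session to destroy, so a client that keeps its cached `Authorization` header is accepted again after `/logout`. The WSGI app, realm, user table and helper names are hypothetical.

```python
import base64
import hmac

REALM = "Zope"                   # assumed realm name
USERS = {"keith": "s3cret"}      # constructed sample credentials

def _authenticated(environ):
    """Return the user name if the request carries valid Basic credentials."""
    header = environ.get("HTTP_AUTHORIZATION", "")
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        user, _, password = base64.b64decode(token).decode("utf-8").partition(":")
    except (ValueError, UnicodeDecodeError):
        return None
    expected = USERS.get(user)
    if expected is not None and hmac.compare_digest(password.encode(), expected.encode()):
        return user
    return None

def app(environ, start_response):
    """/logout always challenges; every other path requires credentials."""
    challenge = [("WWW-Authenticate", 'Basic realm="%s"' % REALM)]
    if environ.get("PATH_INFO") == "/logout":
        # Same idea as manage_zmi_logout: a 401 challenge and nothing else.
        # There is no server-side state to clear, so nothing is revoked.
        start_response("401 Unauthorized", challenge)
        return [b"You have been logged out.\n"]
    user = _authenticated(environ)
    if user is None:
        start_response("401 Unauthorized", challenge)
        return [b"Authentication required.\n"]
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [("Hello, %s\n" % user).encode()]

def request(path, authorization=None):
    """Call the app in-process (no network) and return the status line."""
    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": path}
    if authorization:
        environ["HTTP_AUTHORIZATION"] = authorization
    seen = []
    b"".join(app(environ, lambda status, headers: seen.append(status)))
    return seen[0]

def replay_after_logout():
    """Statuses for: authenticated request, logout, same header replayed."""
    cached = "Basic " + base64.b64encode(b"keith:s3cret").decode()
    return [request("/", cached), request("/logout", cached), request("/", cached)]
```

The third status is `200 OK`: the 401 from `/logout` changed nothing on the server, so whether the user is actually "logged out" depends entirely on the client discarding its credentials.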