[Zope] Log Out Problems With Cookie Authentication (& LDAPUserFolder)

Riggs, David driggs@asset.com
Wed, 19 Jun 2002 13:41:39 -0400


Hi all,

I'm using Zope 2.5.1 under Win2k, and authenticating users
via the LDAPUserFolder (1.5beta1) with cookie based=20
authentication. I've got a logout link that looks like this:

<a href=3D"/mysite/acl_users/logout">Log Out</a>

Where the acl_users object is my LDAPUserFolder, and the
logout object is a custom form I've placed in it that looks
like this:

<dtml-call expr=3D"RESPONSE.expireCookie('__ac',path=3D'/')">
<dtml-call expr=3D"SESSION.invalidate()">
<dtml-call expr=3D"RESPONSE.redirect('/mysite/index_html')">

The redirect works, but what I expect to happen is that
the user should be presented with the login form, instead
they are presented with index_html and are most definitely
not logged out (user Anonymous does not have 'view'=20
permissions while Authenticated does). In fact, I can't
seem to kill the session without closing down the browser
entirely.

Could anyone give me any pointers to using cookie based
authentication, or let me know what I'm doing wrong in
this case?

Thanks!

David A. Riggs
Science Applications International Corporation - SAIC
 (304)284-9000x201                  driggs@asset.com