R: R: [Zope] CookieCrumbler logout problems

Dieter Maurer dieter@handshake.de
Sat, 9 Mar 2002 22:30:47 +0100


Alex Cordero writes:
 > 
 > > An "Unauthorized" response is also sent to the browser in some
 > > exceptional error situations. You
 > > get a browser login dialog and when you successfully provide
 > > login information, then you are authenticated with HTTP
 > > authentication and CookieCrumbler can no longer log you out.
 > > This is probably a bug. But it occurs only rarely and is probably
 > > not your problem.
 > 
 > This is really what it does! When I log in by the login_form and then I
 > examine the REQUEST object (I do so by a DTML method which recalls REQUEST),
 > AUTHENTICATED_USER is set the same as the cookie name!
But, that is as it should be:

  When you log in, AUTHENTICATED_USER should show that you
  have logged in, i.e. the name in the cookie!

You will not see in the REQUEST object whether or not your
browser has sent authentication information (and therefore, CookieCrumbler
will not be able to log you out). You can see it with
e.g. TCPWatch or another TCP logger.


Dieter
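
The check described above, as an added example that is not part of the original message: it reads a raw request as a TCP logger would show it and reports whether the browser sent an HTTP `Authorization` header, the login cookie, or both. The cookie name `__ac` is assumed to be CookieCrumbler's default, and the two captures are constructed sample data.

```python
import base64

AUTH_COOKIE = "__ac"  # assumption: CookieCrumbler's default cookie name

# Constructed captures, in the form a TCP logger shows a request.
COOKIE_ONLY = (
    "GET /site/index_html HTTP/1.1\r\n"
    "Host: zope.example\r\n"
    'Cookie: tree-s=abc; __ac="ZGVtbzpwdw%3D%3D"\r\n\r\n'
)
BASIC_AND_COOKIE = (
    "GET /site/index_html HTTP/1.1\r\n"
    "Host: zope.example\r\n"
    "Authorization: Basic ZGVtbzpwdw==\r\n"
    'Cookie: __ac="ZGVtbzpwdw%3D%3D"\r\n\r\n'
)

def parse_headers(raw):
    """Map lower-cased header names to lists of values."""
    headers = {}
    for line in raw.split("\r\n\r\n", 1)[0].split("\r\n")[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def classify(raw, cookie_name=AUTH_COOKIE):
    """Return (mechanism, basic_user) for one captured request."""
    headers = parse_headers(raw)
    basic_user = None
    for value in headers.get("authorization", []):
        scheme, _, token = value.partition(" ")
        if scheme.lower() != "basic":
            continue
        try:
            creds = base64.b64decode(token.strip(), validate=True)
            basic_user = creds.decode("latin-1").partition(":")[0]
        except ValueError:  # malformed token: the header is still present
            basic_user = "?"
    names = {pair.partition("=")[0].strip()
             for value in headers.get("cookie", [])
             for pair in value.split(";")}
    found = [m for m, hit in (("basic", basic_user is not None),
                              ("cookie", cookie_name in names)) if hit]
    return ("+".join(found) or "none", basic_user)

if __name__ == "__main__":
    for label, capture in (("cookie only", COOKIE_ONLY),
                           ("basic and cookie", BASIC_AND_COOKIE)):
        print(label, "->", classify(capture))
```

A result containing `basic` means the browser itself is sending credentials on every request, which is the situation in which expiring the cookie does not log the user out.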