[Zope] Cookies for banishing users

Oliver Bleutgen myzope@gmx.net
Tue, 03 Sep 2002 10:35:06 +0200


Chetan Kumar wrote:
> Dieter Maurer wrote:
> 
>> Chetan Kumar writes:
>> > ...
>> > 6. The user logs out (The cookie should expire here)
>> You know the "expireCookie" method of the response object?
>>
> Yes. I have used this.
> However, the problem is elsewhere. The users can just click
> "reload" and the python scripts performs its action !! I can
> stop the python script from behaving in this manner in a
> more explicit way, but I would expect that once the cookie
> is expired the users should not be able to do anything without
> login.
> Regards,
> Chetan

Then please use something like shane's tcpwatch (->google) to monitor 
the communication between browser and zope.
Maybe the old cookie is resent when pressing back?

cheers,
oliver