[Zope] CookieCrumbler question

Dvir Bar-lev dvir.b at puresight.com
Thu Mar 12 10:50:57 EDT 2009


I'm a little confused here.

 

What happened is this, I launch IE, go to the address http://zope
address/dvir/login

 

I do log in and than I log out after I managed to log in, now I f I
press the back button after I logged out and goes back to the page and
refresh it I still get the same behavior as if I was logged in. 

Is this supposed to work like this? 

 

If not than how can I fix it?

 

From: Thibaud Morel l'Horset [mailto:teebes at gmail.com] 
Sent: Thursday, March 12, 2009 4:49 PM
To: Dvir Bar-lev
Cc: zope at zope.org
Subject: Re: [Zope] CookieCrumbler question

 

There is no problem here per se. When you're logged in to the ZMI, your
browser is authenticated using BASIC_AUTH. What cookiecrumbler does is
allow you to log in via cookies instead. But if you're logged in via a
BASIC_AUTH user (which your manager user is), then CC can't log that
user out since that session is not cookie-based. The visitors to your
site won't have this problem since they won't be logged in to ZMI.

Your best bet is simply to create a test user and use a different
browser for your testing. For example user Firefox to be logged in to
ZMI and use IE or Safari to be logged in as a test user to test the CC
behavior. That's what I do...

- Thibaud

On Thu, Mar 12, 2009 at 10:31 AM, Dvir Bar-lev <dvir.b at puresight.com>
wrote:

My cookiecrumbler is indeed in a subfolder, is that the cause than?

 

My zmi looks like this:

 

Root folder

      Dvir folder - CookieCrumbler, log in forms, user folder

 

If that is the cause what do I need to do to make sure when I log out
the username returns to anonymus user than?

I searched the web but couldn't find any way to do it

 

From: Thibaud Morel l'Horset [mailto:teebes at gmail.com] 
Sent: Thursday, March 12, 2009 4:29 PM
To: Dvir Bar-lev
Cc: zope at zope.org
Subject: Re: [Zope] CookieCrumbler question

 

Is your cookiecrumbler installed at the root of your site? or in a
subfolder? If you're logged in to the ZMI in the root of your zope site
and execute a CookieCrumbler logout in a subdirectory, you will still be
logged in because you're using your manager user (if memory serves me
well though CC actually warns you of this if you try to logout while
logged in to ZMI...)

- Thibaud

On Thu, Mar 12, 2009 at 6:55 AM, Dvir Bar-lev <dvir.b at puresight.com>
wrote:

Hi

 

I used the CookieCrumbler plugin the make a log in.

I added the CookeCrumbler(standalone> from the ZMI , and now I have a
log in form that acts oka but I want logout the user, so what I did was
call the logout function of cookiecrumbler like this:

 

<dtml-call expr="logout()">

 

And that does bring me to the logged_out dtml but if I push the back
button and return to the logged_in and press the refresh button I still
get the result as if the  user is till logged in.

 

Do I have to do anything else besides calling the logout function to
make sure that the user is now back ti anonymus status?


_______________________________________________
Zope maillist  -  Zope at zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists -
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope-dev )

 


_______________________________________________
Zope maillist  -  Zope at zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists -
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope-dev )

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.zope.org/pipermail/zope/attachments/20090312/991bd870/attachment.html 


More information about the Zope mailing list