[Borges-users] logout button
Pierre Baillet
oct at zoy.org
Sat Apr 10 22:29:51 EDT 2004
On Sat, Apr 10, 2004, Eric Hodel wrote:
> ??????? ???????? (slepnev_v at rambler.ru) wrote:
>
> > Hello,
> >
> > I need a 'logout' button. How do I invalidate an AuthenticatedSession
> > manually? Is it even possible? (If the user has one open browser
> > window, he can just close it; but if he has several, we need the
> > button.) Come to think of it, after we do invalidate the session, the
> > user will have to close both the (modal) password prompt and the main
> > window, which is bad. (I've tried using basic_auth_do, but it doesn't
> > invalidate the authentication after it's finished; and I guess that's
> > correct.)
>
> Since its using Basic Auth, I don't think it can be done, unless they
> close the browser window. The best way to have them logout is to delete
> their session.
>
> On the Seaside list recently was some code to perform form-based logins.
>
On most browser, sending two 401 in row force the browser window to
discard its credentials and ask for new ones to the user.
On the first 401 the web browser resubmit it valid credential and when
it receives the second 401, it forgets it old user and password and asks
the user for new ones.
Using a GET value, cookie, or internal session variable, that kind of
trick is possible.
Cheers,
--
Pierre Baillet
It is a good viewpoint to see the world as a dream. When you have something
like a nightmare, you will wake up and tell yourself that it was only a dream.
It is said that the world we live in is not a bit different from this.
Ghost Dog - The Way of the Samouraï
More information about the Borges-users
mailing list