[Zope-CMF] how to force logout when server closes??

Tres Seaver tseaver@zope.com
06 Jul 2003 09:46:07 -0400


On Sat, 2003-07-05 at 11:46, robert wrote:

> I am using Plone (for CMF this te situation is probably the same).
> I would *think* that CookieCrumbler's cookies would expire automatically when 
> closing all sessions.

The default CookieCrumbler cookies to expire when the browser session
ends.  There is a way to override this:  perhaps there is a Plone option
which turns this override on?

> However, when you login to the same portal with a new Browser, you are still 
> logged in.
> So what I would like to do, is force a logout when closing the browser. 

Several things:

  - While logged in, use your browser's cookie inspection features
    to verify the expiration of the auth cookie, which is named
    '__ac'.

  - Ensure that the browser is *really* closed (use 'killall mozilla',
    or the three-fingered salute in Windows to ensure that the process
    has really exited).

  - Look for the presence in your skins of a method named
    'setAuthCookie'.  If it is present, then it is probably the culprit;
    try removing it and see if the problem goes away.

Tres.
-- 
===============================================================
Tres Seaver                                tseaver@zope.com
Zope Corporation      "Zope Dealers"       http://www.zope.com