[Zope] Revoking authentication (or: logging out)?

[Anthony Baxter]

If you use the "unsupported" UserDB system, you can store the auth info
in cookies, instead of basic auth. You can then do a 'logout' by calling
acl_users/docLogout.

(or even modify the UserDB code to add an expiry date to the cookie)

Anthony

>>> Jonathan Corbet wrote
> I'm working on a system to make medical records available via a web
> interface.  It needs to make different levels of access available to
> different sorts of people (doctors, nurses, clerical staff) - a perfect
> match for Zope's roles.
> 
> But I've encountered one rub: the web browser will be running on PC's
> sitting in various spots in the clinic's offices: the doctor's office, work
> areas, even examination rooms.  There will be a different person sitting
> down at it every few minutes.  But, with "Basic" authentication, once the
> web browser has your username/password in its clutches, it never lets go.
> 
> We're dealing with medical records here, so it is a poor idea to leave a
> "logged in" browser sitting around in a public place.  What I am looking
> for is a way to put in a "log out" option that stops short of killing and
> restarting the browser.  Has anybody else figured out a way to do this?
> 
> Thanks,
> 
> jon
> 
> Jonathan Corbet, Eklektix, Inc.
> corbet@eklektix.com
> 
> _______________________________________________
> Zope maillist  -  Zope@zope.org
> http://www.zope.org/mailman/listinfo/zope
> 
> (For developer-specific issues, use the companion list,
> zope-dev@zope.org - http://www.zope.org/mailman/listinfo/zope-dev )

-- 
Anthony Baxter     <anthony@interlink.com.au>   
It's never too late to have a happy childhood.