[Zope] Logging out a user (in code)

Dieter Maurer dieter@handshake.de
Mon, 9 Jul 2001 23:35:36 +0200 (CEST)


Christian Theune writes:
 > On Sun, Jul 08, 2001 at 11:50:42PM +0200, Dieter Maurer wrote:
 >  [...] 
 > > With cookie based authentication, you simply kill the cookie.
 >  [...]
 > 
 > Really? Just think, what happens if the user manually copies its
 > cookie and stores it back on the browser?
 > 
 > You have to tell the server to forget that this cookie is
 > authorized ... ?
Yes, if you want to be sure...
And your cookie is some hash value and not a direct encoding
of user name and password.


Dieter
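
Added example (not part of the original message, and not Zope code): a minimal sketch of the point made in this exchange. A cookie holding a random token can be forgotten by the server at logout, so a saved copy stops working, while a cookie that directly encodes user name and password keeps working. The names SessionStore, check_basic_cookie and the sample account are assumptions made for illustration.

```python
import base64
import hashlib
import secrets

# Constructed sample account; not from the original thread.
USERS = {"alice": "s3cret"}


def _password_ok(user, password):
    expected = USERS.get(user)
    return expected is not None and secrets.compare_digest(
        expected.encode(), password.encode())


def check_basic_cookie(cookie):
    """Weak design: the cookie is base64('user:password'); nothing to revoke."""
    try:
        user, _, password = base64.b64decode(cookie).decode().partition(":")
    except ValueError:
        return None
    return user if _password_ok(user, password) else None


class SessionStore:
    """Server-side table of authorized cookies, keyed by a hash of the token."""

    def __init__(self):
        self._sessions = {}

    @staticmethod
    def _key(token):
        # Store only a hash so a leaked table does not yield usable cookies.
        return hashlib.sha256(token.encode()).hexdigest()

    def login(self, user, password):
        if not _password_ok(user, password):
            return None
        token = secrets.token_urlsafe(32)  # opaque, carries no credentials
        self._sessions[self._key(token)] = user
        return token

    def authenticate(self, token):
        return self._sessions.get(self._key(token))

    def logout(self, token):
        # "Tell the server to forget that this cookie is authorized."
        return self._sessions.pop(self._key(token), None) is not None


def replay_after_logout():
    store = SessionStore()
    saved_copy = store.login("alice", "s3cret")  # user keeps a copy of the cookie
    store.logout(saved_copy)
    basic = base64.b64encode(b"alice:s3cret").decode()
    return store.authenticate(saved_copy), check_basic_cookie(basic)
```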