[Zope] logout and IE6 problems
Mon, 03 Jun 2002 05:58:58 -0700
Pardon the cross post, since I dont know where exactly my problems lie...
I am running Zope 2.5.0 (binary release, python 2.1, win32-x86), python
2.1.2, win32 on a Win2k machine with a MySQL server. I just wrote my
first UserFolder based on the mysqlUserFolder product, but with some
customized stuff to suit my needs. I basically did not use
mysqlUserFolder's session and cookie management and instead, am using
ZSession for session management.
Finally after several days work I have everything running, barring two
problems, one doesnt matter much, the other is a gift of the evil empire
which I havent figured out as yet.
The first problem: For logout purposes I used the function that handles
the logout in ZMI and call it from a form; the function is as follows:
def user_logout (Self, REQUEST,RESPONSE):
""" Terminates user session """
user = Self.check_valid_mysql_user (REQUEST)
RESPONSE.setHeader('WWW-Authenticate', 'basic realm="%s"' %
<meta http-equiv="refresh" content="0;
<body><p>You have been logged out.</p>
It basically does the job beutifully and I have no problems. What I
would like to do however is to be able log back in when prompted for a
login and password as a result of this call. I tested the ZMI interface
and it does the same too : once you log-out you have to cancel the
prompt box and then try and access a protected resource to get logged
back in. I tested the control flow and as a matter of fact when I enter
the right username/password combo it goes through 'validate' and
authenticates it all right but just doesn't accept it and sends another
401. Any ideas as to hwo to get around that would be great....!!
The second problem: All of the above works nicely with all versions of
Netscape. On IE versions 5.01 and above however, it behaves
exceptionally badly. In that I can login and a nice little session
variable is created, and the cookies are set up, and when I log out, the
sessions are cleared and cookies thrown out and I get prompted to log in
which if I cancel, I get booted to the logged out page. All nice and clean.
However if I press the back button or type in the URL of a protected
resource it sends the authentication information back and I am not
prompted to log back in. On looking at the session and cookie info, I
found that a new one had been created with the same auth information.
"It just ignored the HTTP 401 !!!"
Now I dont know if that is a bug in IE ( I am inclined to believe it
is!! ), but I have tested my package pretty exhaustively and it works
without fail in all NS and upto IE 5.0. If anybody has encountered the
problem before and has figured out how to deal with it 'without' closing
all IE windows, I would be immensely grateful if s/he could pass on the
Thanks for you collective patience.
"I saw `cout' being shifted "Hello world" times to the left and
stopped right there!!" -- Steve Gonedes