R: [Zope] CookieCrumbler logout problems

Dieter Maurer dieter@handshake.de
Sat, 9 Mar 2002 12:52:57 +0100


Alex Cordero writes:
Please stay on the mailing list (readded).

 > ... CookieCrumbler unable to log out ...
 > How can I know what kind of authentication am I using? DTML method
 > logged_out simply controls if the current user is Anonymous User by the call
When you request a logout CookieCrumbler expires the authentication cookie
and redirects to "logged_out".

When you have been authenticated via the cookie (alone), then you
will be "Anonymous User" when "logged_out" is visited.

However, when your browser provides basic authentication information,
then you are still authenticated by this information and
"logged_out" sees that the user name is still not "Anonymous User".
Therefore, it tells you that you are still authenticated and
not yet logged out.

 > ...
 > If, so, How can I say to CookieCrumbler that I want to use real cookie
 > authentication?
Usually (this means in the default setup), CookieCrumbler will only
use cookie authentication (and then is able to log you out).

However, when you are authenticated by another user folder, e.g.
one above that for CookieCrumbler, then your browser
may have gotten an "Unauthorized" response and has shown you a login dialog.
Your browser can (and usually will) send this login information
with any request to the Zope site. When it does, CookieCrumbler
is no longer able to log you out.

An "Unauthorized" response is also sent to the browser in some
exceptional error situations. You
get a browser login dialog and when you successfully provide
login information, then you are authenticated with HTTP
authentication and CookieCrumbler can no longer log you out.
This is probably a bug. But it occurs only rarely and is probably
not your problem.

Some browsers allow you to save login information across sessions.
Such browsers may automatically authenticate you without being asked
for it. In these cases, you are authenticated via HTTP authentication
and CookieCrumbler cannot log you out.



Dieter
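
An added illustration (not part of the original message and not CookieCrumbler's own code): a small Python model of the behaviour described above, showing which mechanism authenticates a request and why expiring the cookie does not log out a browser that also sends HTTP basic credentials. The cookie name `__ac`, the base64 "name:password" cookie format and the precedence of the Authorization header are assumptions of this sketch; the sample headers are constructed.

```python
import base64
from http.cookies import SimpleCookie
from urllib.parse import quote, unquote

AUTH_COOKIE = "__ac"  # assumed cookie name; check your CookieCrumbler settings

def _user(token):
    """User name from base64("name:password"), or None if malformed."""
    try:
        decoded = base64.b64decode(token, validate=True).decode("utf-8")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return None
    name, sep, _password = decoded.partition(":")
    return name if sep and name else None

def classify(headers):
    """Return (mechanism, user) for one request's headers."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme.lower() == "basic" and _user(token.strip()):
        return "http-basic", _user(token.strip())  # assumed to win over the cookie
    cookies = SimpleCookie(headers.get("Cookie", ""))
    if AUTH_COOKIE in cookies:
        user = _user(unquote(cookies[AUTH_COOKIE].value))
        if user:
            return "cookie", user
    return "none", "Anonymous User"

def after_logout(headers):
    """Classify the follow-up request to logged_out once the cookie is expired."""
    cookies = SimpleCookie(headers.get("Cookie", ""))
    cookies.pop(AUTH_COOKIE, None)  # the browser drops the expired cookie
    follow_up = dict(headers)       # any Authorization header is still sent
    follow_up["Cookie"] = "; ".join(f"{k}={m.value}" for k, m in cookies.items())
    return classify(follow_up)

def _b64(credentials):
    return base64.b64encode(credentials.encode()).decode()

# Constructed sample requests (not real credentials).
COOKIE_ONLY = {"Cookie": "__ac=" + quote(_b64("alex:secret")) + "; lang=en"}
COOKIE_AND_BASIC = dict(COOKIE_ONLY, Authorization="Basic " + _b64("admin:pw"))

if __name__ == "__main__":
    for name, req in (("cookie only", COOKIE_ONLY), ("cookie + basic", COOKIE_AND_BASIC)):
        print(name, classify(req), "-> after logout:", after_logout(req))
```

To see which case applies to a real session, check in the browser's developer tools or the server's request log whether requests carry an `Authorization` header in addition to the cookie.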