[Seaside] Authenticaing Multiple Users
Avi Bryant
avi at beta4.com
Thu Nov 20 23:19:22 CET 2003
On Nov 20, 2003, at 2:10 PM, Sven Van Caekenberghe wrote:
> Maybe there should be some option somewhere to do more logging.
Yes, definitely.
> Subclassing WAAuthenticatedSession for use through /seaside/config has
> another problem in the defaultPreferences class method - no ?
Yeah, I wouldn't really recommend starting with that class. It was
intended as a *really* simple way of protecting an app from the general
public, not for any real authentication/authorization.
> Also, how do you 'log out' ?
>
> Doing new session doesn't re-authenticate as far as i can tell.
AFAIK there isn't a reliable way of logging out from HTTP Basic Auth,
short of quitting the browser - that's one of the problems of the
protocol. New session does reauthenticate - in fact, you're
reauthenticated on every page view - but the browser is remembering
your credentials and presenting them each time.
Because of this, most people use form-based login pages these days...
More information about the Seaside
mailing list