[Seaside] Authenticaing Multiple Users

Avi Bryant avi at beta4.com
Thu Nov 20 23:19:22 CET 2003

On Nov 20, 2003, at 2:10 PM, Sven Van Caekenberghe wrote:

> Maybe there should be some option somewhere to do more logging.

Yes, definitely.

> Subclassing WAAuthenticatedSession for use through /seaside/config has 
> another problem in the defaultPreferences class method - no ?

Yeah, I wouldn't really recommend starting with that class.  It was 
intended as a *really* simple way of protecting an app from the general 
public, not for any real authentication/authorization.

>  Also, how do you 'log out' ?
> Doing new session doesn't re-authenticate as far as i can tell.

AFAIK there isn't a reliable way of logging out from HTTP Basic Auth, 
short of quitting the browser - that's one of the problems of the 
protocol.  New session does reauthenticate - in fact, you're 
reauthenticated on every page view - but the browser is remembering 
your credentials and presenting them each time.

Because of this, most people use form-based login pages these days...

More information about the Seaside mailing list