[Seaside] Authenticaing Multiple Users

Ian Prince ian at inextenso.com
Fri Nov 21 06:45:08 CET 2003


On 20 nov. 03, at 23:19, Avi Bryant wrote:

>
>>  Also, how do you 'log out' ?
>>
>> Doing new session doesn't re-authenticate as far as i can tell.
>
> AFAIK there isn't a reliable way of logging out from HTTP Basic Auth, 
> short of quitting the browser - that's one of the problems of the 
> protocol.  New session does reauthenticate - in fact, you're 
> reauthenticated on every page view - but the browser is remembering 
> your credentials and presenting them each time.

It's a pity that more browsers do no offer a "clear passwords" option 
like OmniWeb does via its very useful "Clear Cache option.

> Because of this, most people use form-based login pages these days...

Sigh... which is a real pain if you need to write a client http 
application to interact with the session cookies instead of simply 
"calling" http://user:password@www.server.com

IMHO the protocol is fine, it's the browsers the are broken.

Ian.




More information about the Seaside mailing list