[Seaside] Authenticaing Multiple Users
Ian Prince
ian at inextenso.com
Fri Nov 21 06:45:08 CET 2003
On 20 nov. 03, at 23:19, Avi Bryant wrote:
>
>> Also, how do you 'log out' ?
>>
>> Doing new session doesn't re-authenticate as far as i can tell.
>
> AFAIK there isn't a reliable way of logging out from HTTP Basic Auth,
> short of quitting the browser - that's one of the problems of the
> protocol. New session does reauthenticate - in fact, you're
> reauthenticated on every page view - but the browser is remembering
> your credentials and presenting them each time.
It's a pity that more browsers do no offer a "clear passwords" option
like OmniWeb does via its very useful "Clear Cache option.
> Because of this, most people use form-based login pages these days...
Sigh... which is a real pain if you need to write a client http
application to interact with the session cookies instead of simply
"calling" http://user:password@www.server.com
IMHO the protocol is fine, it's the browsers the are broken.
Ian.
More information about the Seaside
mailing list