Greetings, We're building a Pyramid 1.0 application at work. We are using the built in AuthTktAuthenticationPolicy as our authentication policy.
We call remember and forget in our login and logout views. The login view returns HTTPSeeOther, passing it the headers returned from remember and the location of our home page. The logout view returns HTTPFound, passing it the headers returned from forget and the location of our home page. We set authtkt.timeout to 12000, authtkt.reissue_time to 120, and authtkt.max_age to 12000 in the .ini file, and use that data to create our instance of AuthTktAuthenticationPolicy in our package's __init__.main function. Our home page mako template calls authenticated_userid to determine whether or not anyone is logged in, and adjusts the HTML accordingly. So far, so good, except that sometimes we have to log out twice; after the first one, the application still thinks that someone is logged in. This happens in both Firefox and IE (and in different versions and on different platforms), so I don't think it's a browser issue. It has happened with different values of timeout and max_age, too, but I don't have any hard data. We've seen it with the application running on Linux, Windows, and OpenSolaris. Any ideas? Are we doing anything obviously wrong? Has anyone else seen anything like this? Thanks, Dan -- You received this message because you are subscribed to the Google Groups "pylons-discuss" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/pylons-discuss?hl=en.
