RE: [Zope] LoginManager - logging out
Thank you Mohan. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Bill Anderson Sent: Thursday, December 21, 2000 1:57 PM To: [EMAIL PROTECTED] Subject: Re: [Zope] LoginManager - logging out Mohan Baro wrote: Its just not working for me. I am going to try LoginManager + ZPatterns (hope it has a handy logout feature) Well, you could look at the Membership product to see how we do it there. :) IIRC, it works fine with the latest LM and Zope. Zpatterns won't provide a logout feature, since that is not it's responsibility. Bill ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev ) ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] LoginManager - logging out
Inspired by Jim Washington's recent post re 'Anonymous user', I was reminded of a previous post in which someone suggested http://garbage:x@yourSite would also clear the browser's credential. Much faster and works in IE and Konqueror, but not Navigator or lynx. Very easy to test, too. first, http://yourSite/manage and login then http://garbage:x/yourSite/debug and check other/AUTHENTICATED_USER On Tue, 19 Dec 2000, Bill Welch wrote: Not true, depends on the browser. My tests indicate that Navigator and IE both trash the existing good credential with the garbage one and you're really logged out. Konqueror and lynx seem to hang on to the last successful authentication and this method doesn't log you out. ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
RE: [Zope] LoginManager - logging out
Up to this point, I've been talking about mechanisms for you, personally, to log out to switch between developer and user roles for testing. Clearly, these mechanisms aren't appropriate for the users of your site. I think LoginManager isn't the only choice, but I can't say, off hand, what the other choices are. Bill. On Wed, 20 Dec 2000, Mohan Baro wrote: for me I need to log out completely. similar to what they do at ZOPE.ORG (login/logout) In fact I wouldn't mind a form based login system similar to zope.org Mohan. what you guys are saying is that 1) using standard authentication ( I have a problem with logout) 2) and I must use LoginManager + ZPatterns ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
RE: [Zope] LoginManager - logging out
Its just not working for me. I am going to try LoginManager + ZPatterns (hope it has a handy logout feature) Mohan. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Bill Welch Sent: Wednesday, December 20, 2000 9:45 AM To: [EMAIL PROTECTED] Subject: Re: [Zope] LoginManager - logging out Inspired by Jim Washington's recent post re 'Anonymous user', I was reminded of a previous post in which someone suggested http://garbage:x@yourSite would also clear the browser's credential. Much faster and works in IE and Konqueror, but not Navigator or lynx. Very easy to test, too. first, http://yourSite/manage and login then http://garbage:x/yourSite/debug and check other/AUTHENTICATED_USER On Tue, 19 Dec 2000, Bill Welch wrote: Not true, depends on the browser. My tests indicate that Navigator and IE both trash the existing good credential with the garbage one and you're really logged out. Konqueror and lynx seem to hang on to the last successful authentication and this method doesn't log you out. ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev ) ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
RE: [Zope] LoginManager - logging out
reminded of a previous post in which someone suggested http://garbage:x@yourSite would also clear the browser's credential. Much faster and works in IE and Konqueror, but not Navigator or lynx. Very easy to test, too. Its just not working for me. I am going to try LoginManager + ZPatterns (hope it has a handy logout feature) Remember to press shift+reload in IE, this nasty thing just takes the cached pages otherwise. About LoginManager and ZPatterns, they won't help you for the Basic http-authentication. This is really a client-side problem. And finally, I reread a previous mail of yours: Thanks, I have tried it. dtml-raise type="Unauthorized" Logout!! /dtml-raise I guess it logs me out. But it also gives me a login dialog box it does not accept any of the account. So I cannot log back in! Why? Just a quick guess, is it possible that you reenter your credentials and just reload the page which contains the above code which again causes an "Unauthorized" to be raised (and therefore causes the browser to show the login-dialog again)? Have you tried pointing your browser to another URI on that server? cheers, oliver ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
RE: [Zope] LoginManager - logging out
Thanks for the tips: 1)the logout method work with shift+reload in IE (how would clear cached pages from zope?) 2)the dtml-raise type="Unauthorized" method does not allow me to log back in even when I try a redirect to a different page. I am wondering if something is set incorrectly on my browser. If (2) works for you it must work for me to?? Any way thanks for all the help I get it to work I will post the solution. BTW Do you know how the achieve [login/logout] at ZOPE.ORG ie Zope Portal Toolkit ?? Mohan. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Oliver Bleutgen Sent: Wednesday, December 20, 2000 1:01 PM To: [EMAIL PROTECTED] Subject: RE: [Zope] LoginManager - logging out reminded of a previous post in which someone suggested http://garbage:x@yourSite would also clear the browser's credential. Much faster and works in IE and Konqueror, but not Navigator or lynx. Very easy to test, too. Its just not working for me. I am going to try LoginManager + ZPatterns (hope it has a handy logout feature) Remember to press shift+reload in IE, this nasty thing just takes the cached pages otherwise. About LoginManager and ZPatterns, they won't help you for the Basic http-authentication. This is really a client-side problem. And finally, I reread a previous mail of yours: Thanks, I have tried it. dtml-raise type="Unauthorized" Logout!! /dtml-raise I guess it logs me out. But it also gives me a login dialog box it does not accept any of the account. So I cannot log back in! Why? Just a quick guess, is it possible that you reenter your credentials and just reload the page which contains the above code which again causes an "Unauthorized" to be raised (and therefore causes the browser to show the login-dialog again)? Have you tried pointing your browser to another URI on that server? cheers, oliver ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev ) ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
RE: [Zope] LoginManager - logging out
Thanks for the tips: 1)the logout method work with shift+reload in IE (how would clear cached pages from zope?) 2)the dtml-raise type="Unauthorized" method does not allow me to log back in even when I try a redirect to a different page. I am wondering if something is set incorrectly on my browser. If (2) works for you it must work for me to?? No, actually I hadn't thought of redirecting, but I guess it can't work. Either because the browser ignores the redirect after an 401 Unauthorized, or because of the nature of dtml-raise which maybe prevents zope from interpreting following code. Maybe someone can shed some light on that. Perhaps you could try this: dtml-unless "AUTHENTICATED_USER.getUserName()=='Anonymous User'" dtml-raise type="Unauthorized" Logout!! /dtml-raise /dtml-unless You are now logged out! Not very elegant (you have to enter one false login/pw combination for the unless to work), but perhaps someone else has a better idea. This may depend on why you want to log out - for just reaching Anonymous "status" this seems the right thing. Otherwise introducing a new kind of role might help "logout_user", so you could test for that. cheers, oliver ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
RE: [Zope] LoginManager - logging out
Thanks, I have tried it. dtml-raise type="Unauthorized" Logout!! /dtml-raise I guess it logs me out. But it also gives me a login dialog box it does not accept any of the account. So I cannot log back in! Why? What is going on here? Mohan. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Bill Welch Sent: Monday, December 18, 2000 11:06 AM To: Mohan Baro Cc: [EMAIL PROTECTED] Subject: RE: [Zope] LoginManager - logging out this is my logout DTML method dtml-raise type="Unauthorized" Logout!! /dtml-raise On Mon, 18 Dec 2000, Mohan Baro wrote: Can you please give an example of this code or method? Mohan. ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev ) ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] LoginManager - logging out
Mohan Baro wrote: Thanks, I have tried it. dtml-raise type="Unauthorized" Logout!! /dtml-raise I guess it logs me out. But it also gives me a login dialog box it does not accept any of the account. So I cannot log back in! Why? I'm not sure WHY it won't accept your username at this point. BUT, it doesn't really logout you out either. If you hit the back button a couple of times you'll notice that you are still logged in. The only way to logout using standard authentication is to close the browser. HTH, -- Tim Cook, President -- Free Practice Management,Inc. | http://FreePM.com Office: (901) 884-4126 Censorship: The reaction of the ignorant to freedom. ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] LoginManager - logging out
On Tue, 19 Dec 2000, Tim Cook wrote: Mohan Baro wrote: Thanks, I have tried it. dtml-raise type="Unauthorized" Logout!! /dtml-raise I guess it logs me out. But it also gives me a login dialog box it does not accept any of the account. So I cannot log back in! Why? The login dialog is the reauthentication opportunity that's your browser's response to the 'Unauthorized' exception and that's normal. Don't know why you can't log back in. Works for me in Navigator, IE, and Konqueror. Lynx displayed an opportunity to reauthenticate once, and then only showed the exception after that. I'm not sure WHY it won't accept your username at this point. BUT, it doesn't really logout you out either. If you hit the back button a couple of times you'll notice that you are still logged in. The only way to logout using standard authentication is to close the browser. Not true, depends on the browser. My tests indicate that Navigator and IE both trash the existing good credential with the garbage one and you're really logged out. Konqueror and lynx seem to hang on to the last successful authentication and this method doesn't log you out. Hitting the back button doesn't tell you anything about what credential your browser is sending to the server. Try visiting a privileged page after going back or look at the request that's actually being sent. Try using this one line method (I call mine 'debug'): dtml-var REQUEST After visting yourSite/logout and trying to login as a garbage user at the reauthentication opportunity (blanking the user name seems to work fine), visit yourSite/debug. Check other/AUTHENTICATED_USER, Navigator and IE show 'Anonymous User', Konqueror and lynx show the last good user. Bill. ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
RE: [Zope] LoginManager - logging out
authentication and that the browser caches the credential. This means unless you shut down your browser, whatever you do, you are back to square one. Besides shutting down your browser, you trash its credential. Create a simple DTML method that raises the 'Unauthorized' exception. Direct your brower to that method. The browser will, in some form or manner, request that you authenticate again. Now the important part, don't cancel the reauthentication! Type in some garbage user name and password and send it. Your brower will give you another chance to authenticate, but this one you cancel and you're back to being anonymous as far as Zope is concerned. Bill. ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
RE: [Zope] LoginManager - logging out
Where can I get more information on the following methods ( i.e which zope documentation) 1) authenticate() as in dtml-call "AUTHENTICATED_USER.authenticate()" 2) logout() Mohan ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
RE: [Zope] LoginManager - logging out
this is my logout DTML method dtml-raise type="Unauthorized" Logout!! /dtml-raise On Mon, 18 Dec 2000, Mohan Baro wrote: Can you please give an example of this code or method? Mohan. ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
[Zope] LoginManager - logging out
I used this code in my "logoutForm" to logout user in my old setup (LoginManager-0_8_7a1, ZPatterns-0-4-2a1 and Zope 2.2.1): dtml-call "AUTHENTICATED_USER.logout()" It doesn't work when using LoginManager-0-8-8b1 + ZPatterns-0-4-3b2 + Zope 2.2.4. I've found a work-around: dtml-call "acl_users.logoutUser(AUTHENTICATED_USER.getId())" It logouts user as expected. But, can anybody tell me, why the former one doesn't work as it should ? [EMAIL PROTECTED] /--\ | `long long long' is too long for GCC | \--/ ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
RE: [Zope] LoginManager - logging out
No, you are right. It does not work. It is because LM's default login method is Basic. Basic logout does not work because of Basic authentication and that the browser caches the credential. This means unless you shut down your browser, whatever you do, you are back to square one. The remedy is to change your login method to Cookie so that AUTHENTICATED_USER.logout() works. Good luck. http://lists.zope.org/pipermail/zope/2000-December/037253.html Title: [Zope] LoginManager - logging out [Zope] LoginManager - logging out Aleksander Salwa [EMAIL PROTECTED] Sun, 17 Dec 2000 14:58:43 +0100 (CET) Previous message: [Zope] Windows NT: Changing default TCP port Next message: [Zope] how can you tell who created an object in Zope? Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] I used this code in my logoutForm to logout user in my old setup (LoginManager-0_8_7a1, ZPatterns-0-4-2a1 and Zope 2.2.1): dtml-call AUTHENTICATED_USER.logout() It doesn't work when using LoginManager-0-8-8b1 + ZPatterns-0-4-3b2 + Zope 2.2.4. I've found a work-around: dtml-call acl_users.logoutUser(AUTHENTICATED_USER.getId()) It logouts user as expected. But, can anybody tell me, why the former one doesn't work as it should ? [EMAIL PROTECTED] /--\ | `long long long' is too long for GCC | \--/ Previous message: [Zope] Windows NT: Changing default TCP port Next message: [Zope] how can you tell who created an object in Zope? Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
RE: [Zope] LoginManager - logging out
On Sun, 17 Dec 2000, Chalu Kim wrote: No, you are right. It does not work. It is because LM's default login method is Basic. Basic logout does not work because of Basic authentication and that the browser caches the credential. This means unless you shut down your browser, whatever you do, you are back to square one. But I use cookie authentication all the time. [EMAIL PROTECTED] /--\ | `long long long' is too long for GCC | \--/ ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
