Hi All, Pardon the cross post, since I dont know where exactly my problems lie...
I am running Zope 2.5.0 (binary release, python 2.1, win32-x86), python 2.1.2, win32 on a Win2k machine with a MySQL server. I just wrote my first UserFolder based on the mysqlUserFolder product, but with some customized stuff to suit my needs. I basically did not use mysqlUserFolder's session and cookie management and instead, am using ZSession for session management. Finally after several days work I have everything running, barring two problems, one doesnt matter much, the other is a gift of the evil empire which I havent figured out as yet. The first problem: For logout purposes I used the function that handles the logout in ZMI and call it from a form; the function is as follows: def user_logout (Self, REQUEST,RESPONSE): """ Terminates user session """ user = Self.check_valid_mysql_user (REQUEST) Self.__terminate_session(REQUEST) realm=RESPONSE.realm RESPONSE.expireCookie('__ac',path='/') RESPONSE.expireCookie('_ZSession',path='/') RESPONSE.setStatus(401) RESPONSE.setHeader('WWW-Authenticate', 'basic realm="%s"' % realm, 1) RESPONSE.setBody("""<html> <meta http-equiv="refresh" content="0; URL=http://xxxx:8080/test_folder/logged_out"> <head><title>Logout</title></head> <body><p>You have been logged out.</p> </body></html>""") return It basically does the job beutifully and I have no problems. What I would like to do however is to be able log back in when prompted for a login and password as a result of this call. I tested the ZMI interface and it does the same too : once you log-out you have to cancel the prompt box and then try and access a protected resource to get logged back in. I tested the control flow and as a matter of fact when I enter the right username/password combo it goes through 'validate' and authenticates it all right but just doesn't accept it and sends another 401. Any ideas as to hwo to get around that would be great....!! The second problem: All of the above works nicely with all versions of Netscape. On IE versions 5.01 and above however, it behaves exceptionally badly. In that I can login and a nice little session variable is created, and the cookies are set up, and when I log out, the sessions are cleared and cookies thrown out and I get prompted to log in which if I cancel, I get booted to the logged out page. All nice and clean. However if I press the back button or type in the URL of a protected resource it sends the authentication information back and I am not prompted to log back in. On looking at the session and cookie info, I found that a new one had been created with the same auth information. "It just ignored the HTTP 401 !!!" Now I dont know if that is a bug in IE ( I am inclined to believe it is!! ), but I have tested my package pretty exhaustively and it works without fail in all NS and upto IE 5.0. If anybody has encountered the problem before and has figured out how to deal with it 'without' closing all IE windows, I would be immensely grateful if s/he could pass on the information. Thanks for you collective patience. Aseem ================================================================== Aseem Mohanty ================================================================== "I saw `cout' being shifted "Hello world" times to the left and stopped right there!!" -- Steve Gonedes ================================================================== _______________________________________________ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )