|
Chris Jackson
christopher.jackson at gmail.com
Fri Feb 11 13:36:39 EST 2005
I've tried returning apache.HTTP_UNAUTHORIZED among others however, those are just constants and return the respective number back to the browser. Supposedly, or as a matter a fact, the invalidate() method of a Session object is suppose to place a header in outgoing headers to invalidate the session id cookie. Perhaps I may need to also make use of the sess.is_new() method... but that only helps for knowing when to redirect. ~= Chris =~ On Fri, 11 Feb 2005 12:02:21 -0600, Nick <nick at dd.revealed.net> wrote: > In theory if you send a 401 when the person logs out, you will force the > browser to flush the credentials they previously supplied. > > Nick > > Chris Jackson wrote: > > I'm looking to a way of logging out a session putting the user back at > > the Apache authentication dialog box. > > > > What I've done so far is to create a URL that links to a logout > > publisher handler. The handler has: > > > > sess = Session(req, sessid, None, 36000, 0) > > sess.load() > > sess.invalidate() > > sess.delete() > > req.internal_redirect('/myurl/login') > > > > However when revisiting the login page, the browser still holds the > > user's information, but i'd want it to return the user to the actual > > apache authentication handler. > > > > ~= Chris =~ > > _______________________________________________ > > Mod_python mailing list > > Mod_python at modpython.org > > http://mailman.modpython.org/mailman/listinfo/mod_python > >
|