Jon Robison wrote: > I have created a login system using the wonderful Ticket system from the > Eagle book. I have modified TicketAccess so that after authentication, > it reviews the arguments in the query string and does push_handler, the > handler being chosen based on the args. > > My only problem is that I want to provide the users with a logout button > which will delete the cookie from thier browser, yet I cannot find how!.
Jon, I had the same problem and could not succesfully delete the cookie from all browsers (IE, Netscape, Konqueror, Lynx, Opera etc.). I eventually solved it by keeping the existing (session) cookie which was assigned when the user first logged in, but marking the user as logged out on the server side. i.e. associate a user cookie with session data stored in a database, and instead of deleting the cookie on the client side, just set something on the server side session information that marks the user as having logged out. If the user then logs in again, just reuse the same cookie and mark the user as having logged in. This way you only have to assign an authentication cookie once per browser session. This may be tough to drop into TicketTool because IIRC it stores the authentication info in the cookie itself, rather than a server side session it associates with a cookie. Not very helpful, but it's another approach. I'd like to hear if you get it working across various browsers by expiring the cookie - for future ref. ~mark
