[albatross-users] Authentication/Login example for RandomModules
Sheila King
sheila at thinkspot.net
Mon May 26 14:01:04 EST 2003
--On Monday, May 26, 2003 10:26 AM +1000 Gregory Bond <gnb at itga.com.au>
wrote:
>> I noticed something about my app the other night, that I didn't like:
>> If I log out and then use the browser's Back button, it takes me back
>> to the Main Account page. This is because the page is cached. However,
>> I would prefer if it were not possible to do that.
>
> Back buttons are the bane of stateful Web apps, no matter how they are
> implemented. I've not found any easy answer to this, apart from train
> the users to "don't do that!" (Easy for me, only a handful of users....)
>
> I'd love a better answer. (I'm using SessionFileApp and Page Objects.)
>
I have something that seems to be working pretty well for me right now.

A live version will be temporarily available here:
http://www.mathxy.com/cgi-bi/temp/myapp.py

The code is (temporarily) in this directory:
http://www.mathxy.com/temp/

It does have lots of debugging statements and stuff. Code is really not
cleaned up for publication. But anyhow...

If I log in with valid username/password (one such login is guest/guest),
it takes me to main account page. If I log out and then do back button, it
is giving me the Expired session page, as I desire, instead of the
'myaccount' page as it did in the version I previously published.

I've accomplished this by overriding the write_headers() function as
follows:

    def write_headers(self):
        # Emit the standard headers first.
        SessionFileAppContext.write_headers(self)
        # Then tell browsers and caches not to store or reuse the page.
        self.request.write_header('Expires', 'Thu, 19 Nov 1981 08:52:00 GMT')
        self.request.write_header('Cache-Control',
            'no-store, no-cache, must-revalidate, post-check=0, pre-check=0')

I just copied these headers from another login page that I sometimes visit
which I know defeats the back-button thing for revisiting your account page
after you've logged out.

The one weird thing about it that I just noticed...
In Mozilla 1.3 it seems to behave for me as I expect. However in IE 5.0, it
continues to always display the 'myaccount' URL in spite of the fact that
I've called a 'redirect' in the code to expired or login or the like. I
will review it on IE 6.0 later, when I use a different computer. I haven't
tested it in any 4.x or older browsers, nor Opera, nor any *nix browsers (I
only have Windows machines at home, and only access to Linux by telnet).

Anyhow, FWIW...

--
Sheila King
http://www.thinkspot.net/sheila/
http://www.k12groups.org
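
Added example, not part of the original post and not Albatross code: a standard-library WSGI app showing the two halves of the behaviour described above. The headers from the post make the browser re-request the page on Back, and the server-side session check answers that re-request with a redirect to the expired page. The names SESSIONS, NO_CACHE, app and call, and the URL paths, are assumptions made for the illustration.

```python
# Added illustration (standard library only); all names and paths are hypothetical.
import secrets
from http.cookies import SimpleCookie

SESSIONS = {}  # session id -> username, held on the server

# The two headers quoted in the post, applied to every response.
NO_CACHE = [
    ("Expires", "Thu, 19 Nov 1981 08:52:00 GMT"),
    ("Cache-Control",
     "no-store, no-cache, must-revalidate, post-check=0, pre-check=0"),
]

def redirect(start_response, location, extra=()):
    start_response("302 Found", NO_CACHE + [("Location", location)] + list(extra))
    return [b""]

def app(environ, start_response):
    path = environ["PATH_INFO"]
    cookie = SimpleCookie(environ.get("HTTP_COOKIE", ""))
    sid = cookie["sid"].value if "sid" in cookie else ""
    if path == "/login":  # credential check omitted in this illustration
        sid = secrets.token_hex(16)
        SESSIONS[sid] = "guest"
        return redirect(start_response, "/myaccount",
                        [("Set-Cookie", "sid=%s; HttpOnly; Path=/" % sid)])
    if path == "/logout":
        SESSIONS.pop(sid, None)  # invalidate on the server, not only in the browser
        return redirect(start_response, "/login-form")
    if path == "/myaccount":
        if sid not in SESSIONS:
            # After logout, the re-request forced by the headers lands here.
            return redirect(start_response, "/expired")
        start_response("200 OK", NO_CACHE + [("Content-Type", "text/plain")])
        return [b"Main Account page for " + SESSIONS[sid].encode()]
    start_response("404 Not Found", NO_CACHE + [("Content-Type", "text/plain")])
    return [b"not found"]

def call(path, cookie=""):
    """Drive app() with a constructed request; return (status, headers, body)."""
    seen = {}
    def start_response(status, headers):
        seen["status"], seen["headers"] = status, dict(headers)
    body = b"".join(app({"PATH_INFO": path, "HTTP_COOKIE": cookie}, start_response))
    return seen["status"], seen["headers"], body
```

Calling call("/login"), then call("/myaccount", cookie) before and after call("/logout", cookie), with cookie taken from the Set-Cookie header, shows the account page turning into the redirect to /expired.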