[Twisted-web] Re: /__logout__ doesn't expire the session

[Andrea Arcangeli]

On Fri, Jan 14, 2005 at 08:33:56PM +0100, Andrea Arcangeli wrote:
> expire instead of the user logging out, so I'll simply use the mind to
> expire the session instead of applying the patch I posted (the security

I can't expire the session from there, it gets in some sort of recursion
and tries to expire it twice, and the second time it generates an
exception. Not too bad actually but for now I'm fine with a
unsetCompontent which doesn't fire the exception (at least I get the
bonus that it won't require cookie regeneration).

			if interface is inevow.IResource:
				def logout(session):
					def _logout():
						session.unsetComponent(iweb.IAccount)
					return _logout

				if avatar_id is checkers.ANONYMOUS or avatar_id.shutdown:
					resc = guest.root_page_class()
					resc.realm = self
					return (inevow.IResource, resc, lambda : None)
				else:
					resc = account.root_page_class(avatar_id)
					resc.remember(avatar_id, iweb.IAccount)
					resc.realm = self
					session = mind.request.getSession()
					return (inevow.IResource, resc, logout(session))

btw, the logout trick looks quite like an hack, but the only real problem is
that I can't get to the ctx, so I'm fine with the above trick for now.

Thanks everyone.