[Twisted-web] Log out on guard login.

[Jonathan Lange]

Hello,

We recently had some problems with the ISession hanging around even after a new login. Also IE has had some weird behaviour: when you login in with one set of credentials, hit back, then log in again (with incorrect credentials), you are still logged in with your original (correct) credentials.

To work around this, we've monkey-patched guard to logout and expire the session on login.

Below is a patch that adds this change to nevow SVN.

Known problems: 
- line 295 calls portal.login straight-up, and so this patch doesn't help with certain http auth cases.
- I may be doing weird evil wrong stuff with context, mostly because I don't understand it.

cheers,
jml


Index: nevow/guard.py
===================================================================
--- nevow/guard.py      (revision 1123)
+++ nevow/guard.py      (working copy)
@@ -362,6 +362,11 @@
         return UsernamePassword(username, password)

     def login(self, request, session, credentials, segments, anonymous=False):
+        session.portalLogout(self.portal)
+        from twisted.python import context
+        ctxSession = inevow.ISession(context, None)
+        if ctxSession:
+            ctxSession.expire()
         mind = self.mindFactory(request, credentials)
         session.mind = mind
         return self.portal.login(credentials, mind, self.credInterface).addCallback(