[Twisted-web] Log out on guard login.

Jonathan Lange jml at mumak.net
Mon Jan 31 17:29:08 MST 2005


We recently had some problems with the ISession hanging around even after a new login. Also IE has had some weird behaviour: when you login in with one set of credentials, hit back, then log in again (with incorrect credentials), you are still logged in with your original (correct) credentials.

To work around this, we've monkey-patched guard to logout and expire the session on login.

Below is a patch that adds this change to nevow SVN.

Known problems: 
- line 295 calls portal.login straight-up, and so this patch doesn't help with certain http auth cases.
- I may be doing weird evil wrong stuff with context, mostly because I don't understand it.


Index: nevow/guard.py
--- nevow/guard.py      (revision 1123)
+++ nevow/guard.py      (working copy)
@@ -362,6 +362,11 @@
         return UsernamePassword(username, password)

     def login(self, request, session, credentials, segments, anonymous=False):
+        session.portalLogout(self.portal)
+        from twisted.python import context
+        ctxSession = inevow.ISession(context, None)
+        if ctxSession:
+            ctxSession.expire()
         mind = self.mindFactory(request, credentials)
         session.mind = mind
         return self.portal.login(credentials, mind, self.credInterface).addCallback(

More information about the Twisted-web mailing list