I have a problem with persistent logins. When I call
/register/logout.tcl as a user who checked "remember my pwd", the
current session appears to be logged out, but when i quit the browser
and re-enter the site, I will be logged in automatically again.
I observed the same behaviour when testing it on the openacs.org site.
Is this in purpose? When testing logout.tcl on www.arsdigita.com it
correctly deleted my persistent login.
I do not understand the full complexities of what cookies are being
set by the acs system at what situations, but it seems to me that the
only cookie responsible for persistent login is ad_user_login, which
will not be expired by logout.tcl of openacs. logout.tcl rather tries
to unset a cookie called ad_auth, which I did not find mentioned at
any other place in the distribution except in /admin/users/become.tcl
So I changed the cookie_name in logout.tcl from ad_auth to
ad_user_login and from then on it seems to work as expected.
Could somebody please tell me:
1. Is it the expected behaviour that logout deletes the persistent
login info?
2. Can you verify the different behaviour between openacs.org and
arsdigita.com?
3. Is changing the cookie name in logout.tcl something one can do, or
will that have further unwanted consequences?
tia