[pmwiki-users] identify current authorization level

Patrick R. Michaud pmichaud at pobox.com
Thu Aug 3 12:52:28 CDT 2006


On Thu, Aug 03, 2006 at 01:00:45PM -0400, Henrik Bechmann wrote:
>    I have the sequencing figured out.
> 
>    Here's my code in farmconfig:
> 
>    include_once('local/config.php');
>    $pagename = ResolvePageName($pagename);
>    $isEditAuthorized = (boolean)RetrieveAuthPage($pagename, 'edit', false,
>    READPAGE_CURRENT);
>    echo ' value='.$isEditAuthorized;
> 
>    I think there may be two problems.
> 
>    1. I'm not using (and don't want to use) authuser.php. My author group is
>    quite content with the simple base password protection.

Excellent -- I think running without authuser.php is better in general.  So,
that's one less thing to worry about.

>    2. $isEditAuthorized still returns true *after* logout (&action=logout)
>    per the above echo statement. [...] I'm just finding that clearing the
>    browser's cache fixes that, but I don't understand why, and I can't ask my
>    users to clear their browser cache whenever they logout. Is the echo of
>    $isEditAuthorized returning true because the echo is part of a cache, when
>    in fact $isEditAuthorized is false on the server?

I'm pretty sure you're seeing the browser's cached version of the page,
before the logout occurred.  On the server $isEditAuthorized is certainly 
false.

>    I have $EnableIMSCaching=1; in my farmconfig.php so that page location is
>    preserved when the user returns to a page.

Aha, this is very likely the issue.  ?action=logout is issuing the redirect,
and the browser thinks it already has the page in its cache and displays
that one (i.e., the one before the logout).  Try turning $EnableIMSCaching 
off and see if the $isEditAuthorized appears correctly.  If that works, 
then maybe we can find a way to get ?action=logout to work with IMS caching.

Also, what browser are you using?  Both IE and Mozilla/Firefox have their
own little caching quirks.

Pm




More information about the pmwiki-users mailing list