Bjorn Stabell wrote at 2003-9-2 19:33 +0800:
Has anyone encountered this problem:
When accessing File objects that are not accessible to Anonymous (HTTP and WebDAV View permissions not given), the Basic HTTP Auth window pops up repeatedly even after the user has logged in using the cookie crumbler method, and the user has permissions to view the file. Clicking cancel actually lets the user view the file, but that's not an acceptable solution, of course.
I see this behavior with Zope 2.5.1 & 2.6.1 (haven't tried 2.7b2 yet), and I seem to recall earlier versions as well.
I could not reproduce your problem (Zope 2.6.2b2). However, I remember that I saw similar problem reports in the mailing list. You get the basic authentication when the permission requirements during request processing are stronger than that on the published object. It is unclear, however, why you see the file when you cancel the login dialog. Shane's VerboseSecurity Product may give some clues. Dieter