Christian Scholz wrote:
/folder/list - public accessible dtml method which show the list /folder/edit - protected dtml method
The edit method is protected so that the login requester pops up and asks for a passwort. Originally I was simply redirecting back to the list page inside the edit document by
<dtml-call "RESPONSE.redirect('...../list')">
The problem is now that after the Redirect AUTHENTICATED_USER is again set to Anonymous (which I tested by printing AUTHENTICATED_USER). If I do no redirect but put a normal link back to the list document, everything works as expected (thus showing the edit button).
Sounds like an HTTP Basic Authentication problem. I guess the browser only does its Auth caching for /folder/edit, so when you redirect to /folder/list, it doesn't pass any auth headers so Zope then thinks you're still anonymous :-( I think the trick would be to authenticate in /folder/ in some way, but I may be wrong... cheers, Chris