complaw@hal-pc.org writes:
... The authentication scheme calls a DTML Method (named "logger") that has security settings such that the challenge/response routine is initiated. Once the user is able to run logger, it takes them back to the index_html file (with the standard_html_header file mentioned above). When comming from the logger object, the menu is constructed correctly (according to the user's role). However, when coming back to index_html from somewhere else (say another folder), it goes back to the non-authenticated menu as if I never logged in (i.e., the code of the AUTHENTICATED_USER has somehow changed or is being ignored). According to the HTTP specification, a browser should automatically add authentication information for requests at the same level or below the object which required the authentication.
Thus, URLs going to a different subtree with not automatically get authentication information and are apparently accessed by "Annonymous". Workaround: Move your "logger" into the root of your Website. Some browsers (prominent example, early versions of IE 5.0) do not follow the HTTP "should" specification. If you have such a browser, upgrade to something better. Dieter