- If a user accesses the site, is not logged in, and has the above described cookie, the server looks up that cookie and auto-logs the user in if possible (so he is then logged in without having to type in his username and/or password)
- If the user logs out, the cookie is cleared, the random string is invalidated in the database and the user is not auto-logged in at the next visit.
Ah.. the danger here, of course, is that anyone using that computer is automagically logged in as that user. This is handy, and in most cases harmless... but I have been stung by this before, with login mixups occurring.
I understand the pros and cons; the question here is /how/ to do all this in the context of Zope. It seems I'm more or less confined to use one of a number of User Folder replacements. Is there a user folder that can do all of the following:

- do form login
- use URL rewriting to keep track of a logged in user
- do automatic redirection when a restricted page is accessed
- use an optional cookie for "persistent logins"
- has customizable, flexible rules for authenticating against a database

?

I've been unable to make anything work close to this yet in Zope. I'm looking for some pointers on /how/ I must approach this problem. What products must I use? Are there peculiarities in their configuration to get this to work? Must I write some custom code? I would appreciate any help that anyone can give.

Thanks.

Gerald.
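
The persistent-login cookie flow described at the top of this thread (random string issued at login, looked up on later visits, invalidated at logout), as an added example that is not part of the original messages and does not use any Zope user folder API. Assumptions: an in-memory dict stands in for the database, the 30-day lifetime and all function names are hypothetical, and storing only a SHA-256 hash of the random string is an addition the thread does not mention.

```python
import hashlib
import secrets
import time

# Hypothetical stand-in for the database table of persistent logins:
# sha256(token) -> (username, expiry as Unix time).
TOKEN_STORE = {}
TOKEN_LIFETIME = 30 * 24 * 3600  # assumed lifetime: 30 days


def _digest(token):
    # Only the hash is stored, so a leaked table cannot be replayed as cookies.
    return hashlib.sha256(token.encode("utf-8")).hexdigest()


def issue_token(username, now=None):
    """At form login with 'remember me': create the random cookie value."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    TOKEN_STORE[_digest(token)] = (username, now + TOKEN_LIFETIME)
    return token  # caller sets this as the cookie value


def auto_login(cookie_value, now=None):
    """On a visit without a session: return the username or None."""
    now = time.time() if now is None else now
    if not cookie_value:
        return None
    key = _digest(cookie_value)
    record = TOKEN_STORE.get(key)
    if record is None:
        return None  # unknown or already invalidated: show the login form
    username, expiry = record
    if now >= expiry:
        TOKEN_STORE.pop(key, None)  # expired entries are removed on sight
        return None
    return username


def logout(cookie_value):
    """Invalidate the stored string; the caller also clears the cookie."""
    if cookie_value:
        TOKEN_STORE.pop(_digest(cookie_value), None)
```

Because the token is bound to the browser and not to the person, the shared-computer mixup mentioned in the reply still applies; the server-side invalidation at logout is what limits it.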