David Siedband wrote at 2003-9-9 10:47 -0700:
I have a situation where Zope log-ins only seem to be recognized by the first page viewed after the user logs in.
I have only been able to duplicate this in Mozilla
HTTP Authentication is quite a difficult terrain... The HTTP 1.1 specification does not strictly require a browser to send authentication information in a request unless challenged by an Unauthorized (401) response. It says, a request *should* send authentication information automatically for a subhierarchie when an URL in the root folder of this hierarchy required authentication. If a browser follows the "should", an authentication at Zope's root folder authenticates you everywhere. However, an authentication below the root folder only authenticates you in the respective subhierarchy. If the browser does not follow the "should", then only objects not accessible by "Anonymous" will see any authentication. If this is a problem for you, leave HTTP authentication and switch over to cookie authentication (by means of CookieCrumbler). Dieter