On Sun, Oct 10, 1999 at 06:18:25PM -0400, Michel Pelletier wrote:
Phil Harris wrote:
kedai,
To my understanding, once a user is authenticated the AUTHENTICATED_USER object is available everywhere the user goes.
I hope I'm right as my new site depends on it, ;¬)
Phil phil@philh.org
I think what kedai wants to do is put AUTHENTICATED_USER into a cookie, and then have the next request use the same AUTHENTICATED_USER object as the first. It doesn't quite work this way.
yup! tried it and then knew it's wrong! ;)
What I think you're looking for are sessions. The ability to track one 'user' from request to request. Scott Robertson has an alpha session product available on the Zope site. I can't remember its name, but it's got 'sessions' in it.
yes, it is called Session. but as previously mentioned, if i understand it correctly, it needs to have the session folder/id as the base of operation. the same thing works with phil's way too, *if* any links after are based on the folder users authenticate from. phil, you can verify after you login by appending REQUEST and see AUTHENTICATED_USER, and click any other links, and then append REQUEST and see whether you're still the user you authenticated as. if i want to authenticate of the acl_users in the root folder, what do i call? i tried calling validate, but i can't set the AUTHENTICATED_USER before sending REQUEST, or can i specify when calling validate(password,REQUEST=?) ? is where i'm not quite sure if i wanted to pass AUTHENTICATED_USER. tia
-Michel