Zope's default user folder uses HTTP basic authentication, not cookies. When a request comes in, the "authorization" header is taken from the request (it contains the username and password) and Zope does authorization based on roles from there on in. - C ----- Original Message ----- From: "Mario Bianchi" <kammamuri_mb@hotmail.com> To: <zope@zope.org> Sent: Tuesday, August 06, 2002 1:17 PM Subject: [Zope] keeping track of logged in users
Hi list, my questions are about logged in users.
Let's say I log in to my Zope-builded site as user 'foo' and do something (e.g. navigate around). Now if I ask for a resource (say the bar.html file) to which foo has exclusive view permission granted, I get that resource (view that bar.html file) without Zope asking for authentication credentials.
This means of course that Zope automatically checked that the request of bar.html was made by user foo, and also that Zope knows user foo is currently logged in: the question is HOW could it do it?
I have disabled the cookies on my browser (Netscape), cleared the disk and memory cache, erased from the file system the directory used by Netscape as the disk cache, so how could Zope tell that the request of bar.html came from user foo? Based on the IP address of the requestor?
Also, how does Zope keep track of the users currently logged in? What data structures does it use?
More, there seems to be no way of logging out (except if you're a manager: in this case you can use the logout button from the management interface): if you ask for a resource not publicly accessible, you're prompted to enter userid and password and from that moment on you're logged in, but how can you logout?
Regards, Mario.
_________________________________________________________________ Chat with friends online, try MSN Messenger: http://messenger.msn.com
_______________________________________________ Zope maillist - Zope@zope.org http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )