* Joachim Werner <joe@iuveno-net.de> [011104 22:51]:
from AccessControl.SecurityManagement import newSecurityManager ... newSecurityManager(None, user)
(where 'user' is the new user object you just created).
Sorry for asking, but what exactly does this do? Without either having a cookie or the BASIC AUTHENTICATION info from a user, how could Zope log somebody in and make sure that it is just that person (and his browser session) that gets access?
Good point, that was only half the story. By creating a new security manager using a specific user, you're only 'logging them in' for the duration of the request. So I didn't really answer the question as posed. To do that, I'd use something like the CookieCrumbler from the CMF (works standalone too, though) and set the relevant cookies (__ac_user and __ac_password). seb