28 Sep
2003
28 Sep
'03
8:16 p.m.
Florian Lindner wrote at 2003-9-27 13:55 +0200:
Dieter Maurer wrote: ...
You may set the "__ac_name" too late to have any effect on authentication. Usually, authentication has already taken place when you get control; exception: AccessRules (or other "__before_publishing_traverse__" and "__bobo_traverse__" hooks).
I don't think so. The fact is that Zope doesn't even know that this is a log in page. It's a page to login BEFORE requesting protected content. So the first contact with Zope authentification is on userObject = self.acl_users.validate(REQUEST)
Zope does the authentication even for non-protected content. When there is not authentication info, the result will be the "Anonymous user". Dieter