Emmanuel Viennet wrote at 2003-1-9 08:11 +0100:
Do you refer to this thread ? http://lists.zope.org/pipermail/zope/2002-August/121367.html No!
Sorry, I did write such a message but it did not go to a Zope mailing list and has been in German. Getting old... The basic idea: You have a central session management (via a backend database). When your user authenticates, he gets a session handle (cookie or URL segment component). The session contains capabilities (to use various services). When the user need capabilities, the appliciation looks into the session via the session handle and checks whether the session provides the capability. In Zope, you could use a specialized User Folder that could access the session and obtain user information from it and then return the corresponding "User" object. In this way, you could use the standard Zope authorization framework. Dieter