Ove Ruben R Olsen wrote:
At 12:42 08.01.2002 +0000, Tim Hicks wrote:
One way around it would be to use some sort of cookie/session based login, but I've not played with that so I can't really help.
Either that or you may use HTTP authetication directly in the URL. This is "nasty" but works.
The original posting from Steven Turoff talked about changeing a Zope-users password and then login with the new password. After a successfull change of password one may use a redirect with the username and password in the URL as specified by the standard:
http://USERNAME:PASSWORD@www.mysite.is.cool/path/to/object/after/redirect
Note that there is a COLON - ":" - between the username and the password and a COMERCIAL AT - "@" - between the username and the FQHN.
This should work, but it can open a security hole in certain environments, as URLs often are logged in proxies and browser histories. And as some proxies generate url-based statistics, it might even make your username/password combination publicly visible. markus -- Markus Schaber - http://www.schabi.de/ Check in to another world - test a _real_ OS.