-----Original Message----- From: Michel Pelletier [mailto:michel@digicool.com] Sent: Thursday, 8 April 1999 23:36 To: Phillip J. Eby; Jay, Dylan; 'zope@zope.org' Subject: RE: [Zope] Has anyone tried authentication accross multiple serve rs?
-----Original Message----- From: Phillip J. Eby [mailto:pje@telecommunity.com] Sent: Wednesday, April 07, 1999 11:10 PM To: Jay, Dylan; 'zope@zope.org' Subject: Re: [Zope] Has anyone tried authentication accross multiple servers?
At 11:29 AM 4/8/99 +1000, Jay, Dylan wrote:
I need this for a website I'm setting up so that users can download from several different locations around the world. I don't want users to have to type in their password twice. I presume there is no way to do this via basic authentication which leaves cookies. Has anyone tried this?
I'm in the midst of figuring out how to do authentication with cookies. The only way I can see to get ZPublisher to work intelligently with cookies is to hack the "unauthorized" method of the ModulePublisher class so that a login page can be called.
One caveat for your project: cookies will only work across servers if the servers share a common domain, e.g.: foo.bar.com and baz.bar.com.
UserDb and etcUserFolder can both do cookie based authentication. It's not too tricky and kinda snazzy in that you can create your own login/logout pages, etc. Check out the source of either package for the details.
I've tried using cookie authentication with UserDB but so far can not get it to work. Everytime I try to login in it presents me with the normal basic authentication header. I believe this maybe something to do with permissions but so far can't figure it out. I am using IIS4 and have turned of basic authentication.