stefan83 wrote at 2006-12-15 14:51 +0100:
... I have my own information system on Zope. I would like to enable users to login and do acts, what they can do (according to security settings). But I cannot track already logged users.
HTTP is essentially a stateless protocol. To "store" login information you need to have some support from your HTTP client (i.e. browser).

Essentially, you have two options:

 * HTTP authentication

   In this case, the login is performed and the login information stored by the HTTP client. Your application just tells the client that it requires authentication (by generating a 401 (Unauthorized) response). The client will then open the login dialog and pass the obtained authentication information with any following request.

 * Cookie based authentication

   In this case, the login is performed by your application and the obtained information stored in a cookie. The client will add cookie information to any request (provided cookies are not disabled) and your application can check the cookies to find out the user's identity.

Usually, you will use a component that handles this in a standard way. One option is "CookieCrumbler" (part of "CMFCore"), a more modern (but also considerably more abstract and maybe more difficult) one is "PluggableAuthService" with a "CookieAuthHelper" plugin.

-- 
Dieter
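The two options described in the reply above, as an added example that is not part of the original message and is not code from Zope, CookieCrumbler or PluggableAuthService. It is a framework-free sketch: the `handle` function, the `session` cookie name, the HMAC-signed cookie format, the sample account and the key are all assumptions made for illustration.

```python
import base64, hashlib, hmac

USERS = {"alice": "s3cret"}        # constructed sample account (plaintext only for the demo)
SECRET = b"constructed-demo-key"   # constructed; a real key is random and stays on the server

def check_password(name, password):
    expected = USERS.get(name)
    return expected is not None and hmac.compare_digest(expected.encode(), password.encode())

def basic_user(headers):
    """Option 1: the client stores the login and resends it with every request."""
    scheme, _, blob = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        name, _, password = base64.b64decode(blob).decode("utf-8").partition(":")
    except ValueError:             # malformed base64 or non-UTF-8 bytes
        return None
    return name if check_password(name, password) else None

def sign(name):
    """Cookie value: user name plus an HMAC, so the client cannot alter it."""
    mac = hmac.new(SECRET, name.encode(), hashlib.sha256).hexdigest()
    return f"{name}.{mac}"

def cookie_user(headers):
    """Option 2: the application checks the cookie it issued at login."""
    for part in headers.get("Cookie", "").split(";"):
        key, _, value = part.strip().partition("=")
        name = value.rpartition(".")[0]
        if key == "session" and name and hmac.compare_digest(sign(name).encode(), value.encode()):
            return name
    return None

def handle(headers, login_form=None):
    """Return (status, response_headers, user) for one request."""
    if login_form is not None:     # the application performs the login itself
        name = login_form.get("name", "")
        if not check_password(name, login_form.get("password", "")):
            return 403, {}, None
        cookie = f"session={sign(name)}; HttpOnly; Secure; SameSite=Lax; Path=/"
        return 200, {"Set-Cookie": cookie}, name
    user = cookie_user(headers) or basic_user(headers)
    if user is None:               # tell the client that authentication is required
        return 401, {"WWW-Authenticate": 'Basic realm="demo"'}, None
    return 200, {}, user
```

The signed value in this sketch never expires; a deployed scheme would also bind an expiry time into the signed data and serve the cookie only over HTTPS.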