On Wed, 7 Mar 2001 15:38, Gerald Gutierrez wrote:
- If a user accesses the site, is not logged in, and has the above described cookie, the server looks up that cookie and auto-logs the user in if possible (so he is then logged in without having to type in his username and/or password)
- If the user logs out, the cookie is cleared, the random string is invalidated in the database and the user is not auto-logged in at the next visit.
Ah.. the danger here, of course, is that anyone using that computer is automagically logged in as that user. This is handy, and in most cases harmless... but I have been stung by this before, with login mixups occurring.
I understand the pros and cons; the question here is /how/ to do all this in the context of Zope. It seems I'm more or less confined to use one of a number of User Folder replacements. Is there a user folder that can do all of the following:
- do form login
- use URL rewriting to keep track of a logged in user
- do automatic redirection when a restricted page is accessed
- use an optional cookie for "persistent logins"
- has customizable, flexible rules for authenticating against a database
? I've been unable to make anything work close to this yet in Zope. I'm looking for some pointers on /how/ I must approach this problem. What products must I use? Are there peculiarities in their configuration to get this to work? Must I write some custom code?
Well, as I understand it the Generic User Folder was designed to allow you to make it work how YOU wanted, instead of world+dog writing their own UF variant. This product, however, has not had any updates or releases since late May last year. As I understand it, LoginManager is the modern, more general variant of the GUF. It provides you with 'interfaces' to Users and Login Methods, and you fill in the blanks. From what I read of the documentation, it will check object permissions, and, if necessary, challenge the user in whatever way you write.
So, to address your points:
- do form login .......... LoginManager
- use URL rewriting to keep track of a logged in user .......... CookieLess Session
- do automatic redirection when a restricted page is accessed .......... LoginManager
- use an optional cookie for "persistent login" .......... LoginManager
- has customizable, flexible rules for authenticating against a database .......... LoginManager
I would appreciate any help that anyone can give.
So, it looks like a hands down choice, here. However, I will reiterate, I have not used Login Manager, and am only working on what it claims from the documentation on Zope.org ( http://www.zope.org/Members/tsarna/LoginManager )
Thanks.
Gerald.
Have a better one, Curtis Maloney
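
The persistent-login cookie flow described in the question (a random string in a cookie, looked up server-side, invalidated on logout), as an added example that is not part of the original thread and is not LoginManager code. The table and function names are hypothetical, sqlite3 stands in for the site's database, and storing only a SHA-256 digest of the random string is an addition beyond what the post describes.

```python
import hashlib
import secrets
import sqlite3

# Hypothetical schema and function names; this is not LoginManager's API.
def open_store():
    db = sqlite3.connect(":memory:")  # stand-in for the site's database
    db.execute("CREATE TABLE persistent_login ("
               "token_hash TEXT PRIMARY KEY, username TEXT NOT NULL)")
    return db

def _digest(token):
    # Only the digest is stored, so a leaked table cannot be replayed as cookies.
    return hashlib.sha256(token.encode("utf-8")).hexdigest()

def issue_token(db, username):
    """Call after a successful form login when the user opts in."""
    token = secrets.token_urlsafe(32)  # random string sent as the cookie value
    db.execute("INSERT INTO persistent_login VALUES (?, ?)",
               (_digest(token), username))
    return token

def auto_login(db, cookie_value):
    """Return the username for a valid cookie, else None (show the login form)."""
    if not cookie_value:
        return None
    row = db.execute("SELECT username FROM persistent_login WHERE token_hash = ?",
                     (_digest(cookie_value),)).fetchone()
    return row[0] if row else None

def logout(db, cookie_value):
    """Invalidate the random string server-side; the caller also clears the cookie."""
    if cookie_value:
        db.execute("DELETE FROM persistent_login WHERE token_hash = ?",
                   (_digest(cookie_value),))

if __name__ == "__main__":
    db = open_store()
    cookie = issue_token(db, "gerald")      # constructed sample user
    print(auto_login(db, cookie))           # valid cookie: auto-logged in
    logout(db, cookie)
    print(auto_login(db, cookie))           # replayed after logout: rejected
```

Because each browser gets its own row, logging out on one machine does not end the persistent login on another; deleting every row for a username would do that.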