On Tue, 03 Aug 1999, Michel Pelletier wrote:
> BTW, please don't send HTML formatted mail to the Zope list, it makes it a bit difficult to deal with. I've been meaning to mention this for the past week or so...

My apologies... I was at work and forgot that HTML is the company standard...

> Zope does not keep the AUTHENTICATED_USER object around in a persistent manner. How HTTP basic auth works is that the server challenges the browser on *every* request. On the first request, the browser caches the uid and pwd the user types in, and uses it for each subsequent request. The point is, there is NO state maintained on the server end.

Thanks for clearing this up. I thought that Zope, when authenticating the user, was storing the results of that authentication, and that, if such was the case, all I would need to do is add the key to a cookie (or URL) and match it with a DTML call. Since this isn't the case I can just create my own...

> If you want to keep state, you'll have to set a cookie, or munge your URLs. I would set a cookie, URL munging is a pain. To fold your cookie auth into the Zope security framework, you would need to write your own kind of User folder.
>
> Luckily, we have done this already with UserDB, which can authenticate with cookies against a relational database. To make it work like a normal Zope folder but with cookies, you would just have to create a new kind of Zope folder that did the cookie part from UserDB but not the DB part, or you could just use UserDB.

I'll take a look at UserDB, thanks. My suspicion is that I will have to provide solutions for cookies and URL manipulation, though, to support those users who consistently refuse cookies.

> Zope has no built-in restrictions for using session-like concepts, in fact we have used that model many times. You'll just have to roll your own, because no general solution has been found yet.
>
> -Michel

How will the upcoming Zope Portal Toolkit deal with user authentication and sessions? Looking at the animated demo, I see login screens, etc. Any idea when this will be available?

Thanks,
Jason Jones
jason_j@countermedia.org
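
The two approaches discussed in this thread, as an added example that is not part of the original messages and is not Zope or UserDB code: a Basic auth check that is repeated on every request, and a roll-your-own signed cookie that the server can verify without storing any session. The secret, the user table, the function names and the `user|expiry|mac` cookie layout are all assumptions made for the illustration.

```python
import base64
import hashlib
import hmac
import time

SECRET = b"constructed-demo-key"   # assumption: per-site signing key, constructed here
USERS = {"jason": "s3cret"}        # constructed sample; a real store holds password hashes

def parse_basic(header):
    """Decode an 'Authorization: Basic ...' header value into (user, password) or None."""
    scheme, _, blob = header.partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        raw = base64.b64decode(blob, validate=True).decode("utf-8")
    except ValueError:             # covers bad base64 and bad UTF-8
        return None
    user, sep, pwd = raw.partition(":")
    return (user, pwd) if sep else None

def check_basic(header):
    """Stateless check: the browser resends credentials, so this runs on every request."""
    creds = parse_basic(header)
    if creds is None:
        return None
    expected = USERS.get(creds[0])
    if expected is not None and hmac.compare_digest(creds[1].encode(), expected.encode()):
        return creds[0]
    return None

def issue_cookie(user, now=None, ttl=3600):
    """Build 'user|expiry|mac'; the MAC lets the server trust it without stored state."""
    expiry = int(now if now is not None else time.time()) + ttl
    payload = f"{user}|{expiry}"
    mac = hmac.new(SECRET, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}|{mac}"

def verify_cookie(cookie, now=None):
    """Return the user name if the MAC is valid and the cookie has not expired."""
    try:
        user, expiry, mac = cookie.rsplit("|", 2)
        expires_at = int(expiry)
    except ValueError:             # wrong number of fields or non-numeric expiry
        return None
    good = hmac.new(SECRET, f"{user}|{expiry}".encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac.encode(), good.encode()):
        return None
    current = now if now is not None else time.time()
    return user if current < expires_at else None
```

Because the cookie replaces the password on later requests, it needs the expiry and the MAC shown here, and it should only travel over an encrypted connection.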