It would be helpful to know what happens when a user who is not logged in tries to access a resource for which login is required. Does that invoke the default exUserFolder login form? If so, you need to figure out how to get Zope to call your custom form instead of the default form. My method of doing this seems unduly complicated! Another point: my processing script just redirects to the intended destination. If login worked, exUserFolder took care of authentication - no need to call validate. But like I said, maybe my approach does seem over-complicated. Cliff Alec Munro wrote:
Hi List,
I'm using ExUserFolder, with zope as the authentication source, and MySQL as the properties source. I have a custom login form, which calls a script called process_login, an exerpt of which follows:
from AccessControl import getSecurityManager
request = container.REQUEST
result = container.acl_users.validate(request=request) name = getSecurityManager().getUser().getUserName()
This seems to work fine, except in rare circumstances. I'm unsure exactly of the details of those circumstances, but what happens is that sometimes when a user logs in, they are redirected to the standard ExUserFolder login form, with a message similar to "session expired, please log in". This also generates an event in the error log, typed "LoginRequired".
My suspicion is that this happens to users who have logged in before, and what is happening is that it checks their cookie, finds it expired, and rather than processing the login as new, invalidates the entire request, and redirects them to the standard login form.
Any clues?
Thanks,
Alec Munro _______________________________________________ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )