XUF - authentication problem
Horrido, I've got a problem with exUserFolder 0.10.9 running on Zope 2.4.3. Authentication works fine, i get the right username with <dtml-var expr="_.SecurityGetUser().getUserName()">. But it only works in the index_html. When i am browsing to other sites in the same folder i am only an anonymous user. I've configured my Login Form in this way (how discribed in the docs): <form action="content/news" method="post"> <input type="text" size="10" name="__ac_name"> <br> <input type="password" size="10" name="__ac_password"> <br> <input type="submit" value="okay"> The cookie-based-authentication works fine (on other sites). Can somebody kick me in the right direction? Thanks a lot. Sebastian Kors "All your base are belong to us."
Sebastian Kors writes:
Authentication works fine, i get the right username with <dtml-var expr="_.SecurityGetUser().getUserName()">. But it only works in the index_html. When i am browsing to other sites in the same folder i am only an anonymous user. Looks like a browser "bug".
Some browsers do not automatically pass authentication information to requests down in a protected hierarchy. It is not a real bug, as HTTP only specifies that they should do so, not that they must do so. Older versions of IE 5 (IE 5.0) are known to behave this way. Dieter
Some browsers do not automatically pass authentication information to requests down in a protected hierarchy.
It is not a real bug, as HTTP only specifies that they should do so, not that they must do so.
Older versions of IE 5 (IE 5.0) are known to behave this way.
Dieter
Hello, Okay, thanks a lot, but why does it go well when i log in with the browser pop up? And it is strange that it cause sometimes and sometimes not. Could it be a bug in exUserFolder? I have this problem not only on one browser/machine. I've tried out multiple browsers... Sebastian Kors
Sebastian Kors writes:
Some browsers do not automatically pass authentication information to requests down in a protected hierarchy.
It is not a real bug, as HTTP only specifies that they should do so, not that they must do so.
Older versions of IE 5 (IE 5.0) are known to behave this way.
Dieter
Hello,
Okay, thanks a lot, but why does it go well when i log in with the browser pop up? Maybe, you have not been clear enough when you reported your problem...
I now understand that basic authentication (in contrast to cookie authentication) works. Basic (or other HTTP) authentication is identified by the browser performing the login dialog alone without server control. In this case, you can forget the IE 5.0 remark. If the problem only occurs for cookie authentication, then it looks like a cookie problem. Usually, this is caused by a missing "path='/'" argument to the "setCookie" call. There have also been cookie related problems with some newer Apache versions ... Dieter
Some browsers do not automatically pass authentication information to requests down in a protected hierarchy.
It is not a real bug, as HTTP only specifies that they should do so, not that they must do so.
Older versions of IE 5 (IE 5.0) are known to behave this way.
Dieter
Hello, Okay, thanks a lot, but why does it go well when i log in with the browser pop up? And it is strange that it cause sometimes and sometimes not. Could it be a bug in exUserFolder? I have this problem not only on one browser/machine. I've tried out multiple browsers... Sebastian Kors
participants (2)
-
Dieter Maurer -
Sebastian Kors